GDPR stands for General Data Protection Regulation. It is a legal framework that guides and sets limits on the collection and processing of personal information of individuals in the European Union. The GDPR sets principles for data management and the rights of the individual, and it imposes heavy fines if information gets leaked.
- The General Data Protection Regulation was adopted by the European Parliament and the Council of the European Union on 14th April 2016 and implemented on 25th May 2018.
- GDPR replaces the EU's archaic Data Protection Directive 1995.
The GDPR covers the data that companies such as banks, insurers, and financial companies hold on European Union citizens. In essence, GDPR protects EU citizens' personal information as a right of theirs; if anyone discloses that information, the law sets a maximum fine of €20m (£17.5m) or 4% of the company's global turnover.
The GDPR is a replacement for the Data Protection Directive 1995. Individuals get more power to demand that companies reveal or delete the personal data they hold. All companies follow GDPR rules, but it is hard for companies that hold large amounts of consumer data, such as data brokers, marketers, and technology firms. The world's largest companies updated their sites to follow GDPR rules. Some popular apps, like Facebook, launched tools so that people can control their privacy.
Under GDPR, companies cannot legally process any person's personally identifiable information without meeting one of the six conditions below:
- Express consent of the data subject.
- For the performance of a contract with the data subject or to take steps to enter into a contract.
- For compliance with a legal obligation.
- To protect the vital interests of a data subject or another person.
- For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- For the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Under GDPR, data subject rights include:
- Right to be forgotten – data subjects can request personally identifiable data to be erased from a company's storage. The company has the right to refuse requests if they can successfully demonstrate the legal basis for their refusal.
- Right of access – data subjects can review the data that an organization has stored about them.
- Right to object – data subjects can refuse permission for a company to use or process the subject's personal data. The company can ignore the refusal if they can satisfy one of the legal conditions for processing the subject's personal data but must notify the subject and explain their reasoning behind doing so.
- Right to rectification – data subjects can expect inaccurate personal information to be corrected.
- Right to portability – data subjects can access the personal data that a company has about them and transfer it.
GDPR is a requirement of the times, meant to safeguard people's personal information and give them peace of mind. Everybody shares their precious information with friends and family. Their IP addresses, what they searched for, their locations, addresses, income sources, likes and dislikes, and bank transactions can all be traced, and this can be harmful to them if somebody else learns it. For these and some other reasons, some apps and most of the companies in the world follow GDPR.