Salient Features of The European Union General Data Protection Regulation (GDPR):
- Objective: GDPR is aimed at protecting the personal data of EU residents in the new digital world.
- The definition of personal data now explicitly includes location data, IP addresses, and identifiers relating to the genetic, mental, economic, cultural or social identity of a natural person.
- The GDPR is based on "privacy by design", a concept that data processing procedures are best adhered to when they are integrated at the point at which the technology is created.
- New rights: EU residents will have stronger rights over their personal data, such as:
  - Right to be ‘forgotten’: They can ask data controllers to erase personal data under certain circumstances.
  - Right to ‘Data portability’: They can ask service providers to port data out to another service provider.
  - Right to ‘Prevent automated profiling’: This, for instance, prevents a software program from automatically rejecting a mortgage application or a visa request without human judgement being involved.
  - Right to ‘informed consent’: Data controllers will have to provide consent terms that are clearly distinguishable.
- Penalty: Flouting the rules can attract fines of up to 20 million euros ($24 million) or 4% of an organization’s global annual revenue, whichever is higher.
- Coverage: The regulation covers all the EU member states and citizens, so all global enterprises – regardless of where they are located – with operations or customers in the EU must comply.