The General Data Protection Regulation (GDPR), a protection of all european citizens’ personal data.
Facing the massive development of data – big data -, the European Union decided to specify the modalities of data protection. In view of limiting the risk of flaws from one country to the other, the GDPR will be deployed at European level.
This text entered into force on the 25th of May and represents a real change in the treatment of data of 500 million inhabitants of the European Union. It brings numerous options to the users for better managing personal data.
GDPR applies to all collections, treatments and uses of personal data of physical persons. All European citizens are protected by the GDPR.
Companies that don’t respect the provisions of the GDPR risk penalty. We often hear about the heaviest penalty, which consists of a fine that can amount to 4% of the worldwide turnover for the guilty-found company, or 20 million euros in the absence of incomes. However, before reaching that point, the GDPR allows authorities of personal data a wide range of equally feared measures. Companies, that will not respect the required efforts in terms of cybersecurity of data, will be publicly pinned for their faults, which will not give them good press.
What difference does it make for the users ?
With GDPR, everyone can now have access to its own data and the right to modify them, but also to oppose their use, notably their commercial use. Companies have to ask permission to everyone, while explaining the legitimacy of their use.
What difference does it make for companies ?
GDPR takes up principles that are not new: the consent, the right to forget, the suppression of information after a certain time, the choice of a responsible person for data, etc.
The main newness of GDPR lies in its harmonised approach on an European level regarding right to data: before, every country could establish its own rules, which was a legal puzzle for companies or a new way to circumvent the law.