Compass Consultancy

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation of the European Union (EU), adopted in 2016 and applicable since May 25, 2018, aimed at protecting the personal data of individuals in the EU. A summary of the regulation is available at https://gdpr.eu/ (the official text is Regulation (EU) 2016/679). It applies to organizations established in the EU, and to organizations outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU, regardless of those individuals' citizenship.

Scope of GDPR

GDPR protects all forms of information defined as ‘personal data,’ which includes any information that identifies or can identify an individual. Examples of personal data include:

  • First Name
  • Last Name
  • Email Address
  • Phone Number
  • IP Address
  • Identification Number
  • Photographs
  • Health Information
  • Political Views
  • Religious Beliefs
  • Race and Ethnic Origin
  • Sexual Orientation

Key Objectives of GDPR

  • Giving Individuals Control Over Their Data: GDPR grants individuals the right to know what data is being collected about them, how it is processed, and with whom it is shared. It also provides the rights to have their data deleted or corrected, to restrict or object to its processing, and to receive a copy of it in a portable format.
  • Ensuring Transparency in Data Processing: Organizations must clearly and transparently explain what data they collect, how they use it, and the legal basis for processing it.
  • Ensuring Data Security: Organizations are required to implement appropriate technical and organizational measures to protect personal data against unauthorized access, use, disclosure, alteration, or destruction.

Consequences of Non-Compliance with GDPR

Organizations that fail to comply with GDPR can face fines of up to 4% of their annual global turnover or 20 million euros, whichever is higher, for the most serious infringements (for example, violating the basic principles for processing or the rights of data subjects). A lower tier of up to 2% of annual global turnover or 10 million euros, whichever is higher, applies to other infringements such as failing to keep records or to notify a breach. Penalties are determined based on the severity and circumstances of the violation to ensure fairness and proportionality.

Tips for GDPR Compliance

To align your business with GDPR, consider the following tips:

  • Develop a Data Protection Policy: Clearly outline what data you collect, how it is used, and the legal basis for processing it.
  • Explain Data Subject Rights: Inform individuals about their rights to access, correct, delete, and restrict the processing of their data.
  • Implement Secure Data Handling Procedures: Take the necessary technical and organizational measures to protect personal data against unauthorized access, use, disclosure, alteration, or destruction.
  • Report Data Breaches Promptly: In case of a personal data breach, notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. Where the breach is likely to result in a high risk to affected individuals, notify them as well without undue delay. Keep a written record of every breach, including those you decide not to report, so that you can demonstrate the decision was justified.

Resources and Links on GDPR

Note: This text is for informational purposes only and does not constitute legal advice. For detailed information on GDPR, consult a lawyer or legal advisor.