May 25 is finally upon us, which means the EU's General Data Protection Regulation (GDPR) has now come into effect.
The GDPR was designed with data protection in mind. Its goal is to regulate how businesses, wherever they may be, handle data from their EU-based customers.
That includes, among other things, how they collect data, how they store it, defend it from prying eyes, and use it in their day-to-day activities. Many are seeing GDPR as 'giving the power over data back to the user'. GDPR replaced old data privacy laws that were set up in 1995 and that have been obsolete for some time now.
Businesses that fail to comply with GDPR face serious fines, which can go up to four per cent of the company's annual global turnover, or €20 million, whichever sum is greater.
As with any legislation, GDPR also has two camps. Many privacy advocates are hailing GDPR, saying it will protect user data in the internet era. “If you compare the GDPR with the data protection directive you can really compare it with a piece of software upgrading from 1.0 to 2.0,” said Patrick Van Eecke, partner at law firm DLA Piper.
“It’s a gradual and not a revolutionary kind of thing ... However, for many companies it was a huge wakeup call because they never did their homework. They never took the data protection directive seriously.”
Critics, on the other hand, are saying GDPR is overly burdensome, particularly for small businesses.