The Beginner's Guide to the General Data Protection Regulation (GDPR)


Heard about GDPR?

Four simple letters, but with a massive impact. These four letters have recently generated a great deal of buzz around the world, and if you work in data governance or business intelligence, you probably know why.

Some people may not yet know about GDPR, but they will understand its significance by 25 May 2018. These four innocuous-looking letters will significantly affect any business that handles EU residents’ data, and every such business will have to live with the changes it brings.

This article aims to explain the consequences of these changes and to allow anyone, at any level of an organization, to understand the impact and benefits of the regulation. From senior executives to marketing teams, this guide explains why GDPR matters to them.

What is GDPR?

GDPR is the abbreviation for the new European General Data Protection Regulation, the biggest change to data protection law in the history of the European Union.

GDPR gives individuals greater control over how their personal data can be used and governs the way every business must handle personal data, including that of its own employees. It also gives regulators greater powers to impose large penalties on organizations that fail to comply.

According to a recent survey, 4 out of 10 UK organizations said they would need to “slash staff or leave the business” if they were fined. It is therefore crucial for organizations of all sizes to comply in order to avoid severe penalties and the financial difficulties that would follow.

A Concise History of Data Protection in Europe

In 2012, the European Commission (EC) put forward its EU Data Protection Reform to prepare Europe for the digital age. The EC reached agreement on an entirely new set of rules in December 2015. The Council adopted the new Regulation and the Directive on 8 April 2016, and on 14 April 2016 the Regulation and the Directive were adopted by the European Senate.

On 4 May 2016, the official texts of the Regulation and the Directive were published in the Official Journal of the EU in all official languages. The Regulation entered into force on 24 May 2016, but it applies from 25 May 2018.

In the UK, the primary body responsible for data protection is the ICO (Information Commissioner's Office). The Data Protection Act has been in place since 1998, but it will be replaced by the Data Protection Bill when the UK leaves the EU.

Why was the GDPR drafted?

Fundamentally, the GDPR was designed to strengthen citizens’ rights in the digital age and to help organizations. It sets out a single set of rules for organizations operating within the Digital Single Market. It is expected to reduce fragmentation and administrative costs, saving organizations around €2.3 billion a year, and to provide a more streamlined approach to handling personal data.

The primary reasons it was drafted include:

  1. There was a need for a single legal framework under which all EU member states operate, giving more consistency and clarity across 28 nations.
  2. Existing legislation has not kept pace with the ways in which organizations can collect and use people’s personal data. Every year more organizations are exposed as having flaws in their data handling practices, leaving the general public with little trust in how their data is safeguarded. For instance, the 2016 Yahoo data breach saw over 1 billion records compromised. The aim is to rebuild people’s trust in the digital economy.

What is Personal Data?

Each time you shop online, join a social networking site or book a flight, you hand over personal details such as your name, online identifiers, address, health information, salary and Visa card number.

Have you ever wondered what happens to this information? Is your data being used for marketing, and if so, by whom?

If the organization suffers a data breach, is your data at risk?

This is where the GDPR comes in. Take the case of Max Schrems.

In 2012, he filed a request for all of the data Facebook held about him and was sent a report of 1,200 pages that included even “deleted or erased” messages.

Under the GDPR, European citizens who join any social networking site will have full access to all of their data and will have the “right to be forgotten”.

How will GDPR affect your Data?

In essence, the implementation of GDPR will:

  • Reinforce citizens’ rights – this will increase digital confidence and so strengthen the online economy. The more individuals trust the way their personal data is processed online, the more they are likely to spend on online services. The value of European citizens’ data is expected to grow to around €1 trillion a year by 2020, a good reason to comply and earn EU residents’ trust.
  • Implement a person’s “right to be forgotten” – this means that if you do not want your personal data to be processed, and there is no legitimate reason for an organization to keep it, the data must be erased.
  • Provide the right to data portability – i.e. the right to obtain a copy of your data from one online organization and to pass it on to another without any hindrance from the original organization. This will allow for improved competition and give smaller suppliers and SMEs access to markets usually dominated by larger providers.
  • Apply data protection to new technological developments – changes in data storage, for instance the advent of cloud computing, have altered the ways in which data is stored.
  • Operate as a “one-stop shop” for personal data – create a single DPA (Data Protection Authority) for organizations with a head office in one country but establishments across the EU.
  • Provide one law to comply with – this will benefit organizations in Europe by reducing administrative costs and streamlining the current rules, allowing for quicker resolution of issues and implementation of procedures to secure data.
  • Make international cooperation easier – instead of working around the data rules of 28 different countries, there will be less legal red tape to deal with and easier expansion into other countries for SMEs. It will also help justice systems across countries in fighting international crime.

Penalties for Violating the GDPR


The GDPR gives data protection authorities much stronger powers to penalize organizations.

At present, UK organizations found to be in breach of the Privacy and Electronic Communications Regulations (PECR) can be fined up to £500,000.

Under the EU’s new GDPR rules, however, there are two tiers of penalties that have a much greater effect on a business:

  1. Administrative fines of up to €10 million or 20% of total annual turnover of the preceding financial year (whichever is greater) may be imposed for breaches of the GDPR’s rules.
  2. Administrative fines of up to €20 million or around 4% of total annual turnover of the preceding financial year (whichever is greater) may be imposed for serious data breaches.

To put this in context, a recent report by the NCC Group found that the fines issued by the Information Commissioner’s Office (ICO) in 2016 would have risen from £880,000 to £69m had GDPR been in effect.

Individual Complaints

The customers you contact using their data can also report you. Take the case of Flybe, which in August 2016 sent emails with the subject line “Is your information relevant?” to around 3 million people in its database. These included people who had already opted out of its email communications. Flybe was fined £70,000 for breaching the Privacy and Electronic Communications Regulations (PECR).

The GDPR makes it considerably easier for individuals to bring private claims when their data protection rights have been infringed, and they can sue for compensation in serious cases.

What does the GDPR mean for my business?

  • Communication: using plain language, explain who you are when requesting personal data, why you are processing it, how long you will keep it, and who will have access to it.
  • Consent to process data: for children and young people on social media, checking their ages and obtaining parental consent.
  • Access and portability: let individuals see all of the data you hold about them and enable them to transfer that data from one organization to another.
  • Notifications: informing individuals about data issues and breaches.
  • Erasing data: this gives citizens their “right to be forgotten”, i.e. the right to ask an organization to delete their data; for instance, the comments people made on social networks in their youth are not always content they want their future employers to see.
  • Profiling: if you are profiling someone’s data, for instance for a credit application, financial organizations must now ensure that the final decision is taken by a person and not by a machine, and that the applicant has the option to challenge the decision.
  • Marketing: this applies to most organizations in today’s competitive market. Under the GDPR there must always be an easy way to opt out of or unsubscribe from marketing.
  • Safeguarding sensitive data: ensures that an EU citizen’s data about their race, health, religion, gender and political beliefs is protected at all times. This applies in particular to medical specialists and healthcare professionals.
  • Transferring data outside the EU: by putting in place a legitimate arrangement for any data being transferred to non-EU countries.

Brexit – Will UK businesses still have to comply with the GDPR?


The European government has confirmed that the UK’s decision to leave the EU will not affect the start of the GDPR. The UK remains a member of the EU until March 2019. With GDPR applying from May 2018, all UK SMEs should be prepared to comply with its requirements.

By incorporating the GDPR rules into UK law through the new Data Protection Bill, the government is aligning with the EU’s GDPR, and as a result the UK should be regarded as a safe destination for transfers of EU data. This is critical for any organization that transfers data between the EU and the UK.

Preparing for GDPR

Compliance with this major change will ultimately benefit organizations of all sizes, yet a recent YouGov survey found that:

“Only 29% of UK organizations have begun getting ready for the General Data Protection Regulation (GDPR)”.

If you belong to the group of organizations that have yet to prepare for GDPR, there is still some time left to get ready before May 2018. In these circumstances it is better to be slow than to be late. Being compliant with the GDPR will only help build trust among EU residents in sharing their personal data online, and very likely with your company.
