There has been a lot of talk about an upcoming change to European data protection law, and you might find yourself asking, what is the General Data Protection Regulation? The General Data Protection Regulation (GDPR) is replacing the European Union (EU) Data Protection Directive (Directive 95) that was established in 1995. The world has seen some significant technological changes since 1995, so the mission behind the GDPR is to protect EU citizens from privacy and data breaches. This post will go over some of the general key changes with the GDPR. If you are interested in reading the entire regulation for yourself, you can find it here.
Who has to Comply and What Kind of Data is Protected?
Unlike the previous legislation, which was just a directive, the GDPR is a regulation. That means that all companies that process data in the EU must comply. Complying with the GDPR is required for two types of organizations that handle personal data, which the GDPR terms controllers and processors. Controllers are those that determine the reason, the purpose, and the conditions for collecting personal data. Processors are those that process data on behalf of a controller. Even if a company’s headquarters or data centers are not in the EU, it needs to comply with the GDPR if it processes any type of personal data from EU citizens. Organizations that don’t comply could be fined up to 4% of global annual turnover or up to $23.6 million, whichever is higher.
So what kind of personal data does the GDPR protect? The following list includes the types of personal data that are protected under the GDPR (CSO):
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
In addition to expanding the scope of which companies need to comply and what kind of data is protected, the GDPR also clarifies the rights EU citizens have over their personal data.
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Natalie Bluhm. Read the original post at: https://jumpcloud.com/blog/gdpr-general-data-protection-regulation-jumpcloud/