Magazine article Information Management

EU Approves GDPR

Article excerpt

The EU Parliament passed the General Data Protection Regulation (GDPR), overhauling the Data Protection Directive rules established in 1995. The rules apply to all organizations and businesses targeting EU consumers, regardless of their geographic location.

According to Legaltech News, the legislation defines new data and privacy rights for EU consumers, regulates the transfers and processing of EU data, and establishes more stringent enforcement of data handling, allowing organizations to be fined up to 4% of their total worldwide revenue for violating GDPR regulations.

GDPR is meant to replace the patchwork of EU member states' national laws so that businesses accessing EU data will have only one centralized supervisory authority to follow. The EU estimates that savings from this standardization will hit €2.3 billion ($2.6 billion U.S.) per year, Legaltech News reported.

The GDPR is effective now, but member states have two years to translate the regulations into their national laws. The UK and Ireland will follow the regulation on a limited basis because of their special "home affairs and justice legislation" status. Denmark will vote on the adoption of the GDPR within six months.

The GDPR:

* Allows an EU citizen's right to be forgotten, which means data controllers, processors, and Internet third parties must remove the personal data of an EU citizen upon request if there are no legitimate reasons to retain such information, such as historical, statistical, public health, scientific need, a right to free expression, or legal or contractual obligations

* Requires clear and affirmative consent, such as an EU citizen "ticking a box" on a website allowing it to retain or process his or her personal data

* Gives EU citizens the right to data portability, which allows them to transfer personal data between service providers easily, such as moving contact information from one e-mail provider to another

* Requires clear, plain language in Internet and business privacy policies

* Requires EU businesses and providers to expedite notifying their national supervisory authority of "serious" data breaches

* Limits the use of "profiling," which is collecting an individual's personal information in order to predict his or her behavior, without the expressed consent of the individual, or that of a law or contract

* Requires parental consent for children between the ages of 13 and 16 to open social media accounts, although the exact age varies among EU member states. …
