What is the GDPR?

Effective as of May 25, 2018, The General Data Protection Regulation (GDPR) is a European Union (EU) data privacy law. As one of the world’s first most comprehensive data protection laws, the regulation replaces Directive 95/46/EC and governs the current data protection framework in Europe.

Since the GDPR is the most extensive privacy legislation to date, the regulation has influenced and shaped numerous privacy laws, such as the Brazilian LGPD and Thai PDPA.

Scope of GDPR

The General Data Protection Regulation has a broad scope that impacts organizations, regardless of their location, that process the personal data of EU residents. The purpose is to centralize the EU data protection landscape and protect the fundamental rights and freedoms of EU individuals.

GDPR Non-Compliance Fines

Any organization subject to the GDPR that does not comply will face heavy fines and penalties. Some violations are subject to up to 4% of the organization’s annual turnover.

Roles & Responsibilities

The GDPR outlines the roles and responsibilities of parties subject to the EU regulation:

• Data Controller. The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processor. The natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Frequently, data controllers may utilize or work with a third-party to process data. An example of a data processor could be a payroll agency a company (the data controller) hires to pay employee wages.

Some data controllers and processors may need to appoint a data protection officer. This individual is responsible for advising the organization about the data protection obligations and monitors their privacy compliance program and activities.

Individual Rights Under The GDPR

The GDPR grants individuals certain rights and freedoms. Data Subjects are classified as an identified or identifiable natural person to whom personal data relates. There are 8 rights data subjects are afforded under the GDPR:

• Right to be Informed
• Right to Access
• Right to Rectification
• Right to Erasure and Right to be Forgotten (RTBF)
• Right to Restrictions and Objections
• Right of Withdrawal
• Right to Data Portability
• Rights related to automated decision making – including profiling

In order to be compliant with the GDPR, it’s the data controller’s responsibility to ensure these data subjects’ rights are fulfilled. It’s important that the data controller responds to these requests as quickly as possible. Ideally, no later than one month starting from the day they receive the request. It is acceptable to take up to three months for complicated requests.

Governing & Enforcement Bodies

Supervisory Authorities, also known as a Data Protection Authority (DPA), are independent public authorities that supervise, monitor, and correct GDPR data compliance. One of the main functions of DPAs is to publish expert advice on data protection issues. It informs the general public on the rights and obligations related to data protection and the General Data Protection Regulation.

GDPR Cookie Banner Compliance

CookiePro Cookie Consent allows your organization to perform a complete discovery of the cookies, local storage, and tags that are currently being used on your website. This provides insight into the ways in which your organization is capturing a site visitor’s personal information when they browse your site – a key requirement under GDPR.

Learn more about creating a GDPR compliant cookie banner here or preview and interact with GDPR compliant cookie banners with our Cookie Banner Gallery tool.

Let CookiePro Help

CookiePro enables companies to drive cookie consent opt-ins while demonstrating compliance with hundreds of global privacy regulations – including the GDPR.

CookiePro helps you easily comply with the GDPR with features that:

• Inform and allow visitors to opt-out of the collection of their personal data when they visit your website
• Intake and fulfill data subject requests for personal information access requests
• Build and configure web forms to capture subject rectification requests and launch automated workflows integrated with your existing systems to update that information.
• and more!

To learn more about how CookiePro can support organizations looking for GDPR cookie compliance request a demo with one of our GDPR experts today.