What is the General Data Protection Regulation (GDPR)?
Last Updated: March 17, 2020
The General Data Protection Regulation (GDPR), which went into effect in May 2018, is one of the first data privacy regulations in the world dedicated to online consumer protections. It is a far more comprehensive replacement for Directive 95/46/EC, a 1995 directive established to impose restrictions on the processing and movement of personal data. The regulation is intended to protect European Union (EU) residents by providing full transparency into how their personal information is gathered and processed.
The focus of the GDPR is on both data privacy and data protection: keeping data safe from potential hackers and breaches, while also letting users choose what personal data they are willing to share.
Companies that handle large amounts of sensitive personal data, public authorities, and organizations with more than 250 employees must employ a data protection officer (DPO), who must ensure GDPR compliance across the organization.
The GDPR imposes heavy fines on organizations that do not comply with its requirements. Some violations are subject to fines of up to 4% of the organization’s annual revenue.