Use this guide to understand about the General Data Protection Regulation (GDPR).
General Data Protection Regulation (GDPR) is a European Union (EU) law came into effect on May 25, 2018. It has been approved by the European Union and has regulations that are better suited to protect the data and privacy rights of residents in EU and the European Economic Area (EEA).
Some of the key points of GDPR include:
-
It replaced UK’s Data Protection Act and EU’s Data Protection Directive which came out in 1984 and 1995 respectively
-
Companies irrespective of their size, nature of work, and location are now responsible for notifying customers about data collected, processed, and stored. This means that companies will now have to explicitly state the purpose behind collecting the data from the users
-
The scope of data collected includes Personally Identifiable Information (PII) including contact details, payment information, posts and images on social media websites, medical information, and IP addresses
-
Users now have stronger rights to know what data companies hold about them
-
The data has to be managed using best practices of data security, including encryption
-
If users feel any collected data is infringing upon their privacy, they have the right to have the data deleted
-
In the event of a data breach, be it accidental or part of an orchestrated cyber-attack, companies now have to disclose the attack to the concerned authorities within 72 hours of its occurrence
For more information on GDPR, see: General Data Protection Regulation. If you have any questions, you can reach out to us at support@scanova.io.