On 25 May 2018 the European regulation GDPR (General Data Protection Regulation) will be fully applicable to all businesses around the world. This legislation concerns the personal data of all European citizens no matter where they live.
GDPR ensures that your personal data is protected by law and that any firm or individual processing it does so without causing harm.
What is GDPR?
GDPR is a European regulation that obliges all businesses to take action to protect the personal data of their clients. It changes forever the way we collect, use and process personal data.
The objectives of the regulation are to:
- Unify the legislation of all EU Member States for the protection of personal data;
- Enhance the protection of the personal data of all European citizens;
- Change the way all businesses perceive and process personal data.
Why is it important to be familiar with GDPR?
As individuals, each of us provides personal data on a daily basis to different institutions. Some of them handle it properly, but others often take advantage of it. With the help of the GDPR, every EU citizen will be able to exercise more control over the protection of their personal data, and has the right to:
- Refuse to become a subject of processing of personal data;
- Get access to their personal information;
- Restrict the processing of their personal data;
- Transfer their personal data to another institution;
- Get detailed information from each organization about everything related to the processing of their personal data;
- Require correction of their personal data or, in some cases, exercise the right to be “forgotten” by requesting its removal or deletion from institutions' databases;
- Seek protection under the law when they think that their personal data has not been properly processed.
And that is not all. GDPR is a complex synchronization between legislative bodies, businesses and citizens. Every business, in turn, must take appropriate measures to adapt to the changing legislative environment.
It is important to emphasize that the regulation also has serious implications outside the EU.
GDPR applies in all cases where data of European citizens are processed, no matter where they are in the world – including in Dubai (UAE).
What roles does the regulation define?
The main roles in the processing of personal data are the following:
- Data controller – any natural person, legal entity or other entity that defines the purposes and means of processing personal data;
- Data processor – any natural person, legal entity or other entity that performs the processing of personal data on behalf of the controller.
A business's obligations under GDPR depend on the role it plays. Although there are only two roles, in the modern hi-tech world distinguishing between them becomes complex.
What data are considered personal by GDPR?
GDPR protects the sensitive data of any individual, which can also be identified as high-risk data:
- User names;
- PIN information;
- Identity document number (ID card, passport, driver’s license);
- Physical address;
- Phone number;
- E-mail address;
- Photo and video material;
- IP address;
- Bank details;
- Insurance information;
- Health information;
- And more.
In addition to this, sensitive information also includes information such as:
- Biometric data;
- Religious beliefs;
- Political views;
- Political party, racial, ethnic or sexual affiliation;
- Place of work;
- And more.
In this sense, the GDPR expands the definition of “personal data” by including data that would not at first sight be recognized as such. This is what makes the regulation deserve the attention of every European citizen or legal entity – both inside and outside the EU.