The first point to note here is that GDPR is a regulation and not
a directive. The earlier 95/46 was a directive.
What is the difference between Regulation and Directive?
Regulations have binding legal force throughout every Member State
and enter into force on a set date in all the Member States.
Directives lay down certain results that must be achieved, but each
Member State is free to decide how to transpose directives into national
laws.
Plus, on Brexit, the UK need not follow the GDPR regulation, in which case
the UK may have to pass a separate law to implement GDPR. This will be
decided under the terms and conditions for Brexit.
When was GDPR passed and when will it be applicable?
The GDPR was approved by EU Parliament on 14 April 2016. It will
enter into force 20 days after its publication in the EU Official Journal and
will be directly applied in all member states two years after this date.
Enforcement Date: 25 May 2018 – at which time those organizations in
non-compliance will face heavy fines.
The GDPR will replace Directive 95/46 and create an even more
robust privacy framework that will include mandatory data breach requirements,
the right to be forgotten, increased penalties and more.
What are the Major Changes in GDPR that will impact others outside EU?
Main Two Points about GDPR
→ The biggest change is GDPR applies to all companies processing the
personal data of subjects (Subject can be anybody whose data is being
processed) residing in the union, regardless of the company’s location. It
will apply to the processing of personal data by controllers and processors
in the EU, regardless of whether processing takes place in the EU or not.
→ Penalties: 4% of annual global turnover or €20 Million (whichever is
greater) → this is applicable in case of most serious infringement.
It is important to note that these rules apply
to both controllers and processors -- meaning 'clouds' will not be
exempt from GDPR enforcement.
Now, first we will discuss rights under Directive 95/46/EC
and then GDPR rights for subjects.
One more important point to discuss is Privacy by Design (Controller shall
implement appropriate technical and organizational measures in an effective
way in order to meet the requirements of this Regulation and protect the
rights of data subjects).
In this case, organizations have to implement mechanisms to protect the data.
What is Directive 95/46/EC?
It is a regulation adopted by the European Union to protect the privacy and
protection of all personal data collected for or about citizens in the EU,
especially as it relates to processing, using or exchanging such data.
Important Principles of the directive →
1. Subjects whose data is being collected should be given notice of
such collection and who is collecting
2. Data should be kept safe from potential abuse, theft or loss
3. Data should not be disclosed to third parties without consent of
the subject
4. Subjects should be granted access and be allowed to correct any
inaccuracies
5. Data should be used only for stated purpose and subjects should be
able to hold personal data collectors accountable for adhering to all these
principles
Now, let us take a look at GDPR.
What are the New Data Subject Rights introduced in GDPR?
1. Breach Notification (Where data breach is likely to result in a risk for
the rights and freedoms of individuals).
2. Right to access (The right of the data subject to obtain
confirmation as to whether or not personal data concerning them is being
processed, where and for what purpose)
3. Right to be forgotten (Also known as Data Erasure, the right to be
forgotten entitles the data subject to have the data controller erase
his/her personal data, cease further dissemination of the data, and
potentially have third parties halt processing of the data.)
4. Data Portability (GDPR introduces data portability - the right for a data
subject to receive the personal data concerning them, which they have
previously provided, in a 'commonly used and machine readable format' and to
have the right to transmit the data to another controller)