The European Union issued the General Data Protection Regulation (EU GDPR), which has been enforced since May 25, 2018, replacing the national laws and regulations based on the venerable 1995 EU Data Protection Directive.
New principles with uncertain consequences
have been added into the regulation, such as a stricter concept of consent,
a requirement for data portability,
and a “right to be forgotten”.
At the same time, it offers hope for a greater level of uniformity across Europe, which multinational enterprises may welcome.
The objective of this new set of rules is to give citizens back control over of their personal
data and to simplify the regulatory environment for business. As per this regulation, companies
should already consider their compliance landscape in their product design, operational planning,
privacy policies, security systems, contracts etc.
In case a company does not comply with the Regulation, administrative
penalties
up to EUR 20 million or 4% of the annual revenues
may be asked by
national data protection authorities and courts.
Therefore it is highly recommended to enterprises, to appoint a data protection officer - like SNSfortech, to confirm compliance with GDPR.