European – General Data Protection Regulation – A Big Challenge Ahead !!!


The EU GDPR (General Data Protection Regulation) is an updated regulation that protects the personal data of European citizens.

GDPR is the new regulation that becomes mandatory in May 2018. It is the most awaited data protection regulation, one that even ordinary people are waiting for, and it streamlines and controls the usage and processing of PII data across different countries. Deploying and practising this updated European regulation will be a demanding task for every business that uses EU citizens' data, and businesses in every industry will have no choice but to seek highly skilled professionals to drive the GDPR requirements. Whatever the case, one thing is confirmed: if you do not follow the regulation, get ready to pay a huge fine.

Before we look at the GDPR itself, it is good to have a basic understanding of the European Union: how it was formed, how many countries are united in it and when they joined.

European Countries
  • When the union of European countries was first formed in 1951, only 6 countries participated in its formation
  • In total, 28 different countries are united in the EU
  • Most EU member countries have agreed on the “Schengen border-free area”
  • The euro (€) is the official currency of 19 of the 28 EU member countries
  • The Copenhagen criteria are very important for joining the EU. They are:
    • Stable institutions guaranteeing democracy, the rule of law, human rights and respect for and protection of minorities
    • A functioning market economy and the capacity to cope with competition and market forces in the EU
    • The ability to take on and implement effectively the obligations of membership
    • Adherence to the aims of political, economic and monetary union

Overview of GDPR:

General Data Protection Regulation
  • The EU adopted the GDPR as one of its greatest achievements in protecting its citizens' PII data
  • On 27 April 2016 the EU legislature finally approved the GDPR, which replaces the 1995 Data Protection Directive 95/46/EC
  • Objectives of the new legislation include:
    • The harmonization of 27 national data protection regulations into one unified regulation
    • The improvement of corporate data transfer rules outside the European Union
    • The improvement of user control over personally identifying data
  • GDPR is recognized as law across the EU. 25 May 2018 is the deadline by which all EU countries must have implemented it
  • The GDPR consists of 99 Articles in 11 Chapters

11 Major GDPR Chapters:

[Figure: GDPR Major Chapters]

Let’s split GDPR into General, Data, Protection and Regulation to understand it in a simple way.

General in GDPR
  • This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data
  • The right to protection of personal data
  • Whoever uses, collects, stores, processes, relies on or pseudonymises data from the EU region falls under this regulation, and such companies must be GDPR compliant
  • A single, common set of rules for all EU member states. Each state also establishes an Independent Supervisory Authority (SA) to hear and investigate complaints and to administer the regulation
  • EU citizens now have the right to take action if their information is breached or leaked by any company (RTO)
  • Data Protection Officer: it is recommended to appoint a DPO in each industry who can direct companies towards GDPR compliance; guidelines for the Data Protection Officer have also been released by the EU
  • The non-compliance fine has been increased to a very high level, which confirms how importantly and seriously GDPR is being driven
  • The GDPR was adopted in the EU considering 173 reasons (its recitals)

As defined by GDPR:

Data in GDPR
  • Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
  • Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
  • Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question
  • Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data

Sensitive data considered under the Regulation [DRAFT confirmation]:

  • Basic identity information such as name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

Protection in GDPR
  • The Data Protection Impact Assessment (DPIA) is clearly defined
  • Designation, tasks, position and guidelines are defined for the Data Protection Officer
  • International, national and board-level protection structures are established as a body of the Union
  • Data protection by design, controls, principles, implementation, consistent protection and review of data protection are addressed
  • Certification and certification bodies are incorporated into GDPR
  • Data protection by design, impact assessment and prior consultation are developed for business processes, products and services

Regulation in GDPR
  • Requirement to have a Data Protection Officer deployed in each business and country
  • Social media and cloud service providers must enhance their internal regulations
  • Data portability is a challenge for organizations that deal with EU citizens' data
  • Contradictions and conflicts for companies from non-European countries
  • Larger investment and stronger security considerations must be adopted, but they are tough to administer
  • Data controlling and data processing practices must change when you process EU citizens' data

The latest surveys confirm that 77% of respondents plan to spend $1 million or more on GDPR, and 94% of companies are still not GDPR compliant. A huge challenge still lies ahead for social media vendors and cloud service providers, who handle the majority of this data from outside the EU.

This is the most awaited and cherished moment for European citizens: they will be fully protected, and their data will not be revealed without their consent.

What happens if the data gets hacked, the critical challenges companies will face and other GDPR challenges will be discussed in the upcoming article.


Published September 3rd, 2017 | Regulation

About the Author: FirstHackersNews - Identifies Security
