One of the most significant concerns among modern internet users is consumer privacy. As more has come to light about how organizations fail to uphold users’ right to privacy, governing bodies have passed laws to limit the number of data infractions. One of the most significant pieces of legislation is the European Union’s General Data Protection Regulation (GDPR). If you’re curious about these laws, read on as we ask (and answer) the question: What is the GDPR?
If you’re a US resident and want to learn more about consumer privacy laws in your area, check out our resources comparing the CCPA vs the GDPR. We have a great explanation of what the CCPA is, how it affects businesses, and the rights it provides certain internet users.
To ensure your organization is in full compliance with the laws of the GDPR, download a compliance checklist. These checklists can be found online.
The GDPR is a set of laws passed by the European Union in 2016. The document created and established important definitions around the following subjects:
Many data experts consider the GDPR to have set the strictest security standards of any data law ever passed. However, its first and most critical function is to set clear definitions around the various players and objects involved.
By making these definitions, the laws seek to grant data subjects more control and set up a formal system of behavior and rules for organizations to protect and responsibly handle collected data.
Before anything else, the GDPR defines what is considered sensitive or personal. Under the GDPR, personal data is the most highly protected class of data and is defined as follows:
Personal Data — Information that relates or can be connected to an individual’s identity. Some of the categories that fall under personal information include:
The articles of the GDPR explain in further detail the definition of personal information and a sub-categorization of “sensitive personal information.”
Additionally, the GDPR draws clear lines around the various players affecting the data landscape.
Overall, the GDPR is divided into 99 articles, each referencing different rights, restrictions, and obligations provided for the above figures. In total, the document is 88 pages long and explains everything from how organizations must store and protect data to how they must notify users about what types of data are being collected and for what purpose.
Only after establishing these definitions were lawmakers able to connect the relationships between the various actors and build protection principles around online identity.
Hiding any evidence of security breaches can result in massive fines. Likewise, failure to provide breach notifications can permanently damage a business’s reputation.
In total, the GDPR outlines eight rights:
If you want a more in-depth look at what each of these rights means, we have a great article explaining the rights of the GDPR.
STAT: Over 90% of American companies are not yet compliant with GDPR regulations. (source)