What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation governing how the personal data of EU residents is protected; it will come into effect on May 25, 2018. The hope is that, under this rule, data privacy will be well protected and that this will have a positive impact on today's digital economy.
Rather than a threat or restriction, GDPR should be seen as an opportunity to keep a company competitive with the right privacy strategy, because personal information is one of the most valuable assets of any e-commerce or online company and is key to its business.
GDPR also aims to encourage companies to develop new approaches to the management of information (controlling and managing unstructured data), enhance the privacy of personal data, and protect new rights and regulations affecting companies outside the EU.
Examples of companies that are subject to GDPR:
- An airline or hotel that stores EU passengers' information.
- An e-commerce site that stores EU customers' data, addresses and transactions.
- A seller of vehicles or property, some of whose customers are residents of the EU.
According to an IDC report, GDPR has various impacts on all companies that process the personal data of EU residents. Of all the impacts, there are 4 main effects:
- Penalties: The penalties are serious enough to show that compliance with GDPR matters as much as compliance with anti-bribery or money-laundering rules, because data privacy is not an IT problem alone.
- Mandatory Notification of Breach: Any organization is required to notify the authorities within 72 hours of finding a data breach and must state which data is affected.
- Extraterritorial Scope: This rule applies not only within the EEA but to all companies in the world that hold the personal data of the EU population.
- Prohibition of data processing activities: If a company is found to be infringing, the regulator is entitled to prohibit the company from processing the personal data of both customers and employees.