
Business Monster Named GDPR


Short overview

May 2018 was a tough month for companies providing their services to EU citizens or collecting personal data from them. The reason is that on May 25th the General Data Protection Regulation (GDPR) became compulsory. The law states that all businesses that provide services to European citizens or have a presence in European countries must adhere to the new privacy practices in Europe. Some of the main principles of consumers’ privacy include:
  • Companies must process personal data legally and clearly. They must present any information about the goals, methods, and scope of personal data processing in a way that is clear and easy for end users to comprehend.
  • All data should be collected and used only according to the goals that a company states in its Privacy Policy.
  • It is prohibited to collect more data than needed for the processing goals.
  • Inaccurate data should be deleted or corrected at a user’s request.
  • Companies must store personal data in a form, and for a time period, that allows identifying an individual for the purposes the company claims.
  • When processing personal data, companies must protect it from illegal access, erasure, and damage.
  • If any leakage occurs, companies must inform the authorities about the issue within the following 72 hours.
  • When an EU resident requests their data, a company has 30 days to reply. If the company doesn’t reply within this time period, the user may address local authorities.

Personal data means any information that can identify an individual directly or indirectly. For instance, it can be a name, location data, or various online identifiers such as an IP address. Moreover, there is special confidential personal data that includes race or ethnic origin, political views, religious and philosophical beliefs, genetic and biometric information, and data on health and sexual life.

How GDPR impacts consumers and businesses

It is clear that consumers get the greatest benefit they ever could from this law: they finally get protection and a wide range of new opportunities. For instance, they can now even request that their data be ported from one company to another. However, one can’t say the same about the organizations that have to obey the law. Though there was a two-year implementation period before the enforcement date, lots of companies still remained unprepared for such changes. While some of them started adjusting their Privacy Policy only a few days before the law came into effect, others are still ignorant of it.

In case of non-compliance, a company can be fined up to 4% of global turnover or €20 million, which means a company may lose all its revenue. No one wants to be fined and lose that much money, which is why companies have to complete a huge scope of work to meet the requirements of the regulation. This is actually detrimental, because they have to do work that was not included in their business plan and therefore pause their current tasks to accomplish the ones set by GDPR.

One of the most serious GDPR demands is users’ right to request access to their personal data. They can now request its deletion, its correction if needed, and even a copy in a form convenient for transfer. However, this data may be placed on five different servers and in various formats, which means there is a strong need to create an internal infrastructure responsible for effectively processing user requests. For companies, GDPR is nothing but a headache. While some of them will obey the law, others may refuse European traffic.
