There’s no getting around it. Passed in May 2016, the European Union (EU) General Data Protection Regulation (GDPR) replaces the minimum standards of the Data Protection Directive, a 21-year-old system that allowed the 28 EU member states to set their own data privacy and security rules relating to the information of EU subjects. Under the earlier directive, the force and power of the laws varied across the continent. Not so after GDPR went into effect May 25, 2018.
Under GDPR, organizations are subject to new, uniform data protection requirements—or could potentially face hefty fines. So what factors played into GDPR’s passage?
• Changes in users and data. The number, types and actions of users are constantly increasing. The same is true of data. The types and amount of information organizations collect and store are skyrocketing. Critical information should be protected, but often it’s unknown where the data resides, who can access it, when they can access it or what happens once it’s accessed.
• Changes in data access and processing. The cloud, social networking, smart cards, and an array of digital and mobile devices flung open the door to data security threats. Aware of this globally changed landscape, the EU enacted regulations that recognize that “the protection of natural persons in relation to the processing of personal data is a fundamental right.”