What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a primary law protecting the personal data of European Union (EU) citizens. The European Parliament and Council approved it in April 2016. The law establishes the guidelines for the collection, processing, storage, and transfer of personal data.

Any applicable businesses that do not comply with the law's requirements receive fines and penalties. The GDPR was the most comprehensive data regulation of its time, giving EU citizens more control over their personal data and allowing the EU to benefit from its digital economy. But what is the GDPR, and what do businesses need to know to be compliant?

What Is Considered Personal Data Under the GDPR?

To better understand the law's parameters, website administrators must realize that under the GDPR, personal data includes name, address, photos, genetic data, and biometric data. It also includes any other information related to an identifiable natural person, such as an IP address or other data used to identify someone.

Who Does the GDPR Apply To?

The GDPR applies to all organizations operating in the EU and any organization outside the EU that offers goods or services to citizens or businesses in the EU. As a result, the GDPR has a global impact on data protection requirements.

The GDPR notably applies to two different types of data handlers:

  • Data Controllers: a person, public authority, agency, or any other entity that decides the means and purposes for which personal data is collected and processed.
  • Data Processors: a person, public authority, agency, or any other entity that processes personal data on behalf of the controllers.

What rights do EU citizens have under the GDPR?

The GDPR protects EU citizens' personal data. Any identified or identifiable natural person is defined as a data subject. Data subjects have the following rights:

  • Right to be informed: All data subjects must have access to easy-to-understand information about how their personal data is collected and processed.
  • Right to data portability: Data should be allowed to be transferred from one data controller to another.
  • Right to access: Data subjects should be allowed a copy of their collected personal data.
  • Right to rectification: Data subjects can have their personal data corrected if it is wrong.
  • Right to erasure: Also known as the right to be forgotten, it gives data subjects the option to request deletion of their data.
  • Right to restrict processing: Under certain circumstances, data subjects can limit how their data is processed.
  • Right to object: Data subjects are allowed to oppose the way their data is being processed. Under certain circumstances, the data controller or data processor will have to comply.
  • Right to object to automated processing: Data subjects can object to a decision that legally affects them based solely on automated data processing.

How to Ensure You Are Complying with the GDPR

Businesses that operate online need systems in place to ensure they comply with GDPR restrictions, even if they don't actively sell to individuals within the EU. This helps ensure that any visitor accessing the site is covered, so the business avoids potential fees or penalties. Some things you can do to be compliant include:

  • Physically read the GDPR

    The GDPR is written in legal language. However, if you or your business are in a position to be affected by the GDPR, it is best to read and understand the legislation.

  • Look to other organizations

    Businesses all around the world are affected by the GDPR. If you lack understanding or are missing steps to be compliant, reach out to compliant organizations and ask for help.

  • Pay attention to your website

    There are many tools and programs used to collect, store, and process data that are compliant. However, you should still pay close attention and ensure you are compliant.

  • Pay attention to your data

    Map out how your data enters, is stored, transferred, and deleted. Knowing every route your data takes is vital to prevent breaches.

Why Choose SET?

Small Enterprise Technology (SET) provides security and compliance services that utilize integrated antivirus solutions and End Point Detection and Response (EDR) to actively monitor, manage, and update client devices. Ultimately, this ensures that your business remains as protected and secure as possible. To learn more about how SET can help your business stay protected from phishing attempts, call or contact us today to get started!