Last year the EU approved its General Data Protection Regulation, or GDPR, the latest regulation designed to protect citizens’ privacy amidst a seemingly endless flood of data breaches worldwide. This new regulation reinforces Europe’s reputation as today’s toughest watchdog on privacy and creates new risks (and potential penalties) for companies operating across the globe. The following pages shed some light on the scope of the GDPR and help outline what businesses can do to ensure they’re prepared.
Let’s step back in time. In 1995, the Data Protection Directive (DPD) was passed to govern the processing of personal data and its transfer within the countries that comprise the European Union (EU). In summary, the DPD was designed to accomplish two goals: to protect the privacy of individuals while allowing personal data to be shared within the EU. In order to achieve these goals, the DPD established criteria for the collection of personal data while affording rights to data subjects.
While the DPD was helpful, it was far from perfect, and technological changes soon outpaced the regulations. One of the largest flaws of the DPD was the inconsistency that resulted from each member state implementing its own set of rules. Compliance with numerous and varying regulations proved challenging, protection and enforcement were inconsistent, and the whole arrangement was costly to manage. While it offered a good foundation, laws from 20 years ago weren’t created with the rise of social networking sites, cloud computing, and smart cards in mind.