The General Data Protection Regulation (GDPR) is a European Union (EU) law that determines how companies may use personal information.
It is data protection legislation that came into force in Europe in 2018 and is the only law valid for countries and companies that are not within the bloc.
The purpose of GDPR is to tighten the protection of data involving the identities of European citizens. In practice, companies that collect data from these people, who use their services and/or browse the internet, need to clarify how that data will be used.
The main concern is people's privacy and the security of stored data. Accordingly, a company cannot store any information that could identify a user without their consent.
- Right to be forgotten: with the right to be forgotten, companies are obliged to delete records of personal information that are not necessary for historical, statistical or scientific purposes, or for exercising freedom of expression.
- Permission to use data: to process personal data of European citizens, the company needs to receive clear and affirmative permission from each user. The user has full control over their data and can, at any time, request a copy of the stored data. The user can also revoke the authorization they had granted to a company, which must then delete any information regarding that user.
- Intrusion and data leakage: if the servers on which the data is stored are breached by hackers, companies must notify customers within 72 hours of becoming aware of the intrusion.
- Data Protection Officer (DPO): companies must have a Data Protection Officer, a professional responsible for ensuring that the company complies with the principles of the regulation.