Introduction to GDPR for Beginners

By: Digital Dividend

This article gives a brief introduction to GDPR for beginners, some of its major rules and how this regulation will affect organizations. With the rapid growth of the internet and the amount of data available online, important questions have arisen: Who holds this data? How is this data being used? And, most importantly, what about the privacy of users? Privacy is perhaps one of the biggest concerns when it comes to the Internet. Is it really possible to stay anonymous online? Is our data on some social networking site being kept safe? Data can be used for good or bad. Usually, it is used for showing relevant adverts, but how much of your data should be used for the adverts? Often we don’t have any control over the privacy of our own data. Due to all these concerns, there was a need to enforce some data regulation policy. This is where the General Data Protection Regulation (GDPR) comes into play.

Understanding GDPR for Beginners

GDPR is a data protection regulation laid down by the European Union. It sets out the policies to protect the personal information of individuals in the EU region. It will come into effect on 28th May 2018. It applies to all organizations that have customers or clients in the EU, regardless of where they are based. So, for example, an organization based in the US will also have to comply with GDPR if it wants to keep doing business in the EU.

Personal Data Defined

GDPR defines personal data as any private, professional or public information. This also includes the information you have provided on social media sites, including images and videos, but excludes the information available from national security or law enforcement agencies.

Rules Set Out by GDPR

GDPR lays out strict rules for organizations that collect and process personal information. Organizations must provide a reasonable level of protection for personal data, notify users in case of a data breach or hack, obtain the consent of the users and appoint data protection officers.

How GDPR Can Affect Organizations

All these strict rules have caused organizations to rethink their strategies. Organizations will also be required to make a significant investment to ensure GDPR compliance so they can continue doing business with EU customers. Once GDPR has been enforced, customers in the EU will have the right to ask organizations to delete their data. If the data was collected with consent or was used illegally, the organization will have to delete the data. Organizations will also have to encrypt data so hackers cannot recover the deleted data. In case of non-compliance, serious penalties will be applied to the organization. The penalty could be €10,000,000 or 2% of annual turnover. In extreme cases, it could go up to €20,000,000 or 4% of annual turnover. To ensure GDPR compliance, the organization can hire a lawyer who can guide it through the process and start auditing its data to check whether it falls under the regulations set out by GDPR. We hope that this introduction to GDPR for beginners was enlightening for you in understanding how it will affect organizations and what approach they should take from now on.
