Are you new to the world of GDPR and looking for a quick guide to what it entails?
If so then here is a brief overview…
The General Data Protection Regulation (GDPR) is a comprehensive data protection and privacy regulation that came into force across the European Union (EU) on 25 May 2018. It replaced the Data Protection Directive 95/46/EC and introduced significant changes and enhancements to data protection law in the EU. GDPR is designed to strengthen and harmonise data protection and privacy rules across all EU member states.
Here are some key aspects of the GDPR:
Scope
GDPR applies not only to organisations established within the EU but also to organisations outside the EU that process the personal data of individuals in the EU, where that processing relates to offering them goods or services or to monitoring their behaviour. This makes it applicable to many global businesses.
Personal data
GDPR defines personal data broadly, encompassing any information that can directly or indirectly identify an individual, including names, addresses, email addresses, IP addresses, and more.
Principles
GDPR lays down several fundamental data protection principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; and integrity and confidentiality. The controller must also be able to demonstrate compliance with these principles (accountability).
Data subject rights
GDPR grants individuals greater control over their personal data. Data subjects have rights such as the right of access, the right to erasure (the "right to be forgotten"), the right to data portability, and the right to object to certain data processing activities.
Consent
Consent is one of several lawful bases for processing, not the only one. Where an organisation relies on consent, it must be freely given, specific, informed and unambiguous, obtained for a clearly stated purpose, and explicit in the case of special categories of data. Consent can be withdrawn at any time, and withdrawing it must be as easy as giving it.
Data protection impact assessments (DPIAs)
Organisations are required to conduct DPIAs for data processing activities that are likely to result in a high risk to the rights and freedoms of individuals. This helps identify and mitigate potential privacy risks.
Data protection officers (DPOs)
Certain organisations are required to appoint a data protection officer: public authorities, and organisations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data. DPOs monitor compliance, provide advice, and serve as a point of contact for data subjects and the supervisory authority.
Data breach notification
Organisations must report personal data breaches to the relevant data protection authority (DPA) within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals. Where the breach is likely to result in a high risk to individuals' rights and freedoms, the affected data subjects must also be notified without undue delay.
Accountability and governance
GDPR emphasises the importance of accountability. Organisations must implement appropriate data protection policies, conduct staff training, and maintain records of data processing activities.
Fines and penalties
GDPR introduces significant fines for non-compliance, with two tiers depending on the severity of the infringement. Less severe infringements can result in fines of up to €10 million or 2% of the organisation's total worldwide annual turnover for the preceding financial year, whichever is higher. The more serious infringements can result in fines of up to €20 million or 4% of total worldwide annual turnover, whichever is higher.