The EU General Data Protection Regulation (GDPR) will be formally implemented on May 25, 2018. Although it aims to strengthen the protection of the personal information and privacy data of residents in the EU, for the information industry as a whole it is a historic breakthrough. Europe has once again come to the forefront of the world.
From then on, the protection of personal data (in some areas) will be regulated.
Development Process
The draft bill was first introduced in January 2012 and, after revised versions in 2014 and 2015, was approved by the European Parliament on April 14, 2016. The formal regulation includes 91 articles, 204 pages in total.
In 2012, the Internet had spread all over the world, and the carrier of data was evolving from the desktop Internet to the mobile Internet.
Key points of regulation
Compared with the European Data Protection Directive (95/46/EC), introduced in Europe in 1995, the GDPR is more aware of information governance and data privacy protection, and the relevant models and rules are more explicit and rigorous. In legal terms, the evolution from a directive to a regulation provides a stronger basis for enforcement.
Core changes include:
Expansion of the scope of implementation (increased territorial scope): not only enterprises registered in Europe, but all enterprises involved in processing personal data in Europe fall within the scope of the regulation.
Increased punishment (penalties): the general penalty for an enterprise is 2% of global annual turnover or 10 million euros, whichever is larger; in serious cases the penalty can be 4% or 20 million euros, whichever is larger.
Licensing (consent): enterprises can no longer rely on a lengthy, hard-to-understand license that cannot be rejected; consent must be brief and clear, and a reasonable option to refuse must be provided.
Data rights: the new data model of Subject, Controller and Processor comes with rights such as access, being forgotten (forgotten), transferability (portability) and default privacy protection (Privacy by Design).
Disclosure Notice (Breach Notification): once a data breach occurs, the enterprise must notify the regulatory authorities and users within 72 hours.
Data Protection Officer (DPO): companies must establish a Data Protection Officer post to supervise and standardize data processing activities.
Reviews
With the rapid development of information technology, especially the Internet, data and privacy protection has become a serious problem all over the world, bringing great risks to national security and the security of residents. Countries around the world are also actively discussing how to respond. Europe has been at the forefront of this, and as the first rule in the legal sense, the GDPR is of great reference value. To predict boldly: the GDPR, as the start of a new era of information protection, is a historic moment that is likely to change the landscape of the existing information industry.
The GDPR, which focuses on the protection of individual information and privacy, will reverse the current asymmetry in which enterprises have unlimited control over individuals' data, but that does not mean it is bad for businesses. In the long run, building legal protection into the data processing process will establish a healthier market environment in which enterprises can compete more fairly within the industry.
Of course, it is also necessary to see that the level of information technology development differs from region to region; how to realize information security and privacy protection needs to be discussed in light of specific situations.
References: GDPR official website: www.eugdpr.org.