What is the GDPR?
What it is
The General Data Protection Regulation (GDPR) has been designed to protect individuals’ personal data within the European Union (EU) and European Economic Area (EEA). The GDPR replaces the Data Protection Directive, and its data protection reaches beyond the EU and EEA.
The reason for GDPR’s creation was to make Europe “fit for the digital age.”
Where it reaches
As mentioned above, the GDPR reaches beyond the EU and EEA when any company requesting personal data also has ties outside of Europe. Most notably, this would include major companies like Apple, Microsoft, and, of course, the data giant, Google. Any company that operates and requests data within Europe is subject to GDPR rules and regulations. While the GDPR is not officially in North America, we are all subject to it if the companies we supply data to operate in Europe.
What it protects
The GDPR protects what is simply called personal data. To expand on this, personal data refers to a company’s processing of the personally identifiable information of an individual. Whether this be email, phone number, home address, credit card number, or even personal interests, if the data can identify who you are, it is classified as personal data.
Data subjects are individuals who have offered personal data to a company for their services. With the GDPR, data subjects may request any and all data collected on them from any company that operates in Europe, thus requiring them to be GDPR compliant.
Punishment for misuse
Failure to provide requested personal data or misuse of data subjects’ information will result in a fine of up to €20 million or up to 4% of the annual worldwide turnover of the company’s previous financial year, whichever is greater.
To demonstrate a 4% impact, Apple posted fourth-quarter revenue, for the quarter ending September 2017, of $52.6 billion (USD). 4% of $52.6 billion is $2.1 billion USD, or €1.8 billion. Well over the €20 million fine!