What is it?
On May 25, 2018 the European Union’s General Data Protection Regulation becomes law – not just within the EU but everywhere in the world in some respects. It is deliberately extraterritorial. The EU is serious about compliance with the GDPR. Fines can be as high as 4% of a company’s gross revenues or 20 million Euros.
The Data Privacy Detective launches a thorough exploration of the GDPR with this podcast, starting with the history, the context and the GDPR’s basic aim of protecting the personal data of EU citizens and residents.
In 1995 the European Commission issued the Data Protection Directive requiring EU nations to adopt laws within a common framework to protect personal data. It restricted what a “controller” can do with personal data of European citizens and residents, and it announced restrictions on the “export” of personal data outside the EU. The U.S. was declared not to have equivalent personal data protection, and this led to arguments about the portability of data across borders, including charges that the EU approach was a disguised unfair trade practice.
The GDPR replaces the Directive in May 2018 as a directly applicable EU law to upgrade and harmonize how businesses handle personal data. The Regulation requires companies to have a legitimate reason to collect personal data and gives individuals substantial power over the collection and use of the information. The GDPR goes beyond any other national scheme to protect personal privacy. And it reaches beyond the EU’s borders to protect personal data of European citizens and residents.
Join this podcast series as it first explores how the GDPR applies globally, what data it protects, the difference between data controllers and processors, how a business must obtain permission to collect, use and keep personal data, and the steps a business must take to determine whether it must comply with the GDPR and, if so, what to do about it. The series will delve into each Article of the GDPR and conclude with a question: if a business adopts a program to meet the rigorous standards of the GDPR, can this be global best practice for dealing with personal data?