What is GDPR in simple terms?
GDPR stands for General Data Protection Regulation.
It’s a law created in the European Union (EU) to protect the personal data of its citizens. Although it was passed in Europe, it affects businesses worldwide.
When it went into effect on May 25, 2018, the GDPR set new standards for data protection, and kickstarted a wave of global privacy laws that forever changed how we use the internet.
Needless to say, it’s a big deal.
Why Do We Need the GDPR?
Personal data is highly valuable — in fact, it supports a trillion-dollar industry.
Companies like Facebook and Google make their profits by selling personal information to advertisers. With this much money at stake, do you trust them to have your best interests at heart?
Didn’t think so.
The GDPR tells companies of all sizes what they can and can’t do with your information. If you know how this key piece of legislation works, you’ll have more control over your life online.
What Is Classified as Personal Data Under GDPR?
Personal data is information that can be used to identify you. Put simply, it’s any private details that you wouldn’t want to fall into the wrong hands.
Here are some examples of personal data:
- Name
- Phone number
- Address
- Date of birth
- Bank account
- Passport number
- Social media posts
- Geotagging
- Health records
- Race
- Religious and political opinions
Think of personal data like a jigsaw. One piece alone might not say much, but connected together the pieces reveal a vivid picture of your life.
What Is a ‘Breach’ Under GDPR?
Any incident that leads to personal data being lost, stolen, destroyed, or changed is considered a data breach. Unfortunately, breaches happen all the time.
Here are some newsworthy examples from before the GDPR started cracking down:
- Almost half the population of the US had their name, date of birth, and social security number stolen from credit reporting agency Equifax as the result of a data breach.
- Political consulting firm Cambridge Analytica secretly took information from 50 million Facebook profiles and gave it to the 2016 Trump campaign.
Both these incidents illustrate how data breaches have serious real-world consequences. This is the landscape that the GDPR and similar laws hope to regulate.
What Are the Penalties for Violating the GDPR?
The GDPR threatens would-be violators with some severe penalties. To make sure companies handle your personal data in a legal, ethical way, the fines for noncompliance are:
Up to €20 million ($23 million) or 4% of annual global turnover.
Some big names have already been hit with these noncompliance fines:
- British Airways — $230 million. The UK airline set the record for fines when the booking details of 500,000 customers were stolen in a cyberattack.
- Marriott — $123 million. After buying the Starwood Hotels group, Marriott failed to update an old system belonging to the group. This system was hacked, revealing information about 339 million guests.
- Google — $57 million. Important information was hidden when users set up new Android phones, meaning they didn’t know what data collection practices they were agreeing to. The Google GDPR fine shows even tech giants aren’t immune to GDPR enforcement.
Although smaller businesses wouldn’t be hit for such high amounts, they’re held to the same standards.
Source: https://termly.io/resources/articles/gdpr-for-dummies/