Reading Time: 2 minutes

Published: 2014-02-18 10:11:25

The European Union is working on a new data protection regulation that will have a significant impact on businesses operating in Europe. This regulation, will be known as the General Data Protection Regulation (GDPR), with the projected adoption to occur in 2016 and full effect occurring in 2018. In this article, we’ll discuss the foreseeable key provisions of the GDPR, including the right to be forgotten and the requirement for explicit consent. We’ll also explore the potential impact of the regulation on businesses and consumers.

The GDPR will be a comprehensive regulation that governs the collection, use, and storage of personal data in the European Union. It will apply to any business that processes the personal data of EU residents, regardless of where the business is located. The regulation will include several key provisions that are designed to protect the privacy and rights of individuals.

One of the most significant provisions of the GDPR will be the right to be forgotten. This provision will give individuals the right to request that their personal data be erased from a company’s records. This includes not only data that will no longer be necessary for its original purpose but also data that was collected with the individual’s consent but is no longer needed. Companies will have to comply with these requests unless there are legal or legitimate reasons for retaining the data.

Another key provision of the GDPR will be the requirement for explicit consent. Under the regulation, companies will have to obtain clear and affirmative consent from individuals before collecting and processing their personal data. This consent will have to be freely given, specific, informed, and unambiguous. Companies will also provide individuals with clear information about how their data will be used and who it will be shared with.

The GDPR will also include provisions for data breach notification, data portability, and the appointment of data protection officers. Companies that experience a data breach will have to notify the relevant supervisory authority within 72 hours and inform affected individuals if the breach is likely to result in a high risk to their rights and freedoms. Individuals will also have the right to receive a copy of their personal data in a machine-readable format and to transfer that data to another controller.

The potential impact of the GDPR on businesses will be significant. Companies that fail to comply with the regulation can face significant fines. The regulation will also require companies to implement a range of technical and organizational measures to ensure the security and privacy of personal data.

The GDPR will also hold implications for consumers. The regulation will give individuals greater control over their personal data and provide them with more transparency and accountability from companies that collect and process their data. The right to be forgotten, for example, will give individuals the power to remove information about themselves that is no longer relevant or accurate.

The GDPR is destined to become a comprehensive data protection regulation that will hold significant implications for businesses operating in Europe and abroad.

My belief is that the GDPR will set the new standard for compliance and take many companies by surprise, despite most who will consider it a passing trend.

Remember Me