Introduction To GDPR
By TechDogs Editorial Team

Overview
Although you're not Google or Facebook, GDPR may still apply to your organization. So check out this introductory article if you want to avoid being fined.
GDPR stands for General Data Protection Regulation and went into effect on May 25, 2018. The implementation of this law aims to protect Internet consumers’ data and privacy within the European Union (EU) by giving citizens control over the dissemination of their data on the Internet and ensuring they are notified when their data is used by third parties.
It's also why you have to click that annoying cookie banner on almost every website in existence now, but it protects your data far beyond what's collected when you visit a website. Any business in the EU (or even those outside the EU with European customers) must comply with GDPR and protect user data. Pretty awesome for data privacy!
It is designed to protect the privacy of every Internet user in the EU. Still, because it covers such a wide range of data, you need to know its rules and what data is regulated to ensure you're covering all bases. Let's jump in then!
7 Key Principles Of The GDPR
There are 7 key principles that guide the GDPR:
- Lawfulness, Fairness And Transparency: An important distinction within these broad rules is fairness. It means that your site must be collecting data the way it tells users it is. Slippery tactics and manipulative trickery break this rule and make Star Fox very sad.
- Purpose Limitation: Purpose limitation indicates that you need to be detailed and specific about the scope of what you’re collecting. You must inform the customer of the exact reason for data collection.
- Data Minimization: Businesses must only collect the minimum amount of data they need. Like the other guidelines, this is a you-know-it-when-you-see-it rule.
- Accuracy: Everything needs to be correct and up to date.
- Storage Limitation: This is like the Data Minimization principle, but instead of referring to the quantity of data, it refers to the length of time the data is retained.
- Integrity And Confidentiality (Security): Businesses must follow privacy principles to keep data secure. The company holding the data is responsible for keeping it safe.
- Accountability: Obviously, these principles are the responsibility of the business holding the data. It wouldn’t make sense to blame you if your favorite food ordering app had a data breach, now would it?
The GDPR’s Long, Winding Road
The 1995 Data Protection Directive (DPD) was replaced by the GDPR. The key difference between the two is that the GDPR is a mandate (you must do it), while the DPD was a directive (we'd be super happy if you did it). The GDPR must be followed by all 28 members of the European Union, whereas the DPD was flexible and allowed countries to adjust their laws as they saw fit.
Ever since the GDPR was introduced in 2018, all EU members have been under the same set of data privacy laws. Once a business is compliant with the GDPR, it’ll be compliant with all EU countries, making life a little bit easier.
OK, So What’s Actually Protected?
GDPR covers everything—and by that, we mean everything.
Here’s what’s protected:
- Personally identifiable information, including names, addresses, dates of birth, social security numbers, etc.
- Web-based data, including user location, IP address, cookies and RFID (Radio-frequency Identification) tags.
- Health (HIPAA) and genetic data
- Biometric data
- Racial and/or ethnic data
- Political opinions
- Sexual orientation
Basically, you name it and it’s protected. It’s all in the name of keeping customers’ data safe from hackers who want to steal your identity.
Do I Even Need to Worry About This?
GDPR is everywhere. It’s like Batman and the Internet is Gotham. Here’s how you can figure out if it applies to your business:
- You work in the European Union
- You process data of EU residents
- You have more than 250 employees
- Your data processing affects your users’ rights
The GDPR also applies to any company or person who collects or gathers data on behalf of other data collection services, as well as any company or person based outside the EU collecting data on an individual within the EU.
The GDPR does not apply to organizations gathering information for purposes of law enforcement or reasons of national security, to data used by individuals for non-commercial or non-professional activity, or to personal data that has been rewritten to provide a greater degree of anonymity (basically, anonymized or encrypted data).
The Consequences Of GDPR Help Everyone
What the GDPR has done is make companies around the world get serious about your data. If it weren't for the GDPR, we'd still be in the Wild Wild West of data protection, which basically means your customer data was up for grabs by outlaws across the world if companies didn't bother to take care of their data processing (which many of them didn't).
Even if they were protecting your data, it was hard as heck to find out what they even had on you. The GDPR also made it much easier for customers to learn what data was being collected about them, and customers can now ask for that data to be removed (and stop the collection of their data in the future).
Here’s How To Comply With GDPR
You’ve got to get on board with GDPR, so here’s how your business can get started:
- Have a plan for a data breach. Make sure it’s in writing.
- Have a data protection officer. You can just give an existing employee that title! You can even give that title to yourself; just make sure you do it in writing.
- Log all the data risks you identify. The log will protect you from spending the rest of your life in jail.
Do all this and your customers will know you care about their data. It looks great for you and it’s great for your customers.
The GDPR Doesn’t Play
Let’s just say that the EU isn’t messing around when it comes to penalties. You can get hit with a €20 million fine or 4% of your global annual turnover if you don’t comply with the GDPR.
Three US Companies Who Were Penalized By GDPR
- Google
Google was hit with a 3.7 billion Euro lawsuit for not complying with the GDPR's regulations on opt-in/opt-out clauses. After being hit with the fine, Google changed many of its privacy policies to comply with the stricter EU regulations. Obviously, this was awesome for everyone because everyone uses Google for something (actually, everything), so the result was that your data is now better protected by one of the big players.
- Facebook
In April of 2019, 540 million records containing information about Facebook users were discovered on a server that could be accessed without a password. Anyone could have accessed the information, meaning Facebook had violated the GDPR.
At the point of writing this article, Facebook has yet to receive a fine for this data breach, but the penalty will be substantial when it hits them. Thankfully, they got serious about GDPR...
- British Airways
500,000 customers of British Airways had their data stolen by hackers in June 2018.
British Airways was given a 204.6 million Euro fine! The breach exposed login and travel booking details, names, addresses, card numbers, expiry dates and the three-digit CVV codes, all siphoned off by hackers. As you might have guessed, they've since revamped their security policies and made things more secure.
Ultimately, all incidents ended well because customers’ data was better protected, which shows that GDPR is not to be taken lightly.
Privacy Laws Will Only Get Stricter—Get on Board Now
As data collection expands, both customers and businesses will realize the benefits of protecting the data of their data subjects. Moreover, privacy laws (and privacy practices) will only become stricter. We will see companies add features like encryption to digital products. Mobile apps, largely, are already beginning to move in that direction.
The GDPR is a lot to take in at once. While it's true that the GDPR is making the Internet a more transparent and safer place to conduct business, it's also protecting users all over the Internet and giving them a better online experience.
Whether you are just starting to learn about Internet privacy or your business hasn't yet complied with these relatively new regulations, and whether you're an individual or a business owner, it's in your best interest to learn about GDPR.
Frequently Asked Questions
What are the key principles of the GDPR?
The GDPR is guided by seven key principles which include lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality (security); and accountability. These principles emphasize the importance of collecting data transparently and fairly, using it for specific purposes, minimizing the amount of data collected, ensuring its accuracy, limiting storage time, maintaining security and confidentiality, and being accountable for data processing activities.
What types of data are protected under the GDPR?
The GDPR protects a wide range of data, including personally identifiable information such as names, addresses, and social security numbers, web-based data like IP addresses and cookies, health and genetic data, biometric data, racial and ethnic data, political opinions, and sexual orientation. Essentially, any information that can directly or indirectly identify an individual falls under the protection of the GDPR, highlighting its comprehensive approach to safeguarding personal data.
How can I determine if GDPR applies to my business?
Determining whether GDPR applies to your business involves several factors. If your business operates within the European Union, processes data of EU residents, has more than 250 employees, or if your data-processing activities affect users' rights, then GDPR compliance is mandatory. Additionally, even if your business is based outside the EU but collects data on individuals within the EU, you are subject to GDPR regulations. However, there are exceptions, such as data collected for law enforcement purposes, personal or non-commercial activities, or data that has been sufficiently anonymized or encrypted. Understanding these criteria is crucial for businesses to assess their GDPR obligations and ensure compliance with data protection laws.