GDPR: how to be ready for May 25

03/04/2018 | Digital

In these times of scandals and revelations we hear a lot about privacy, but GDPR has actually been talked about for almost a year (although until a few weeks ago only a few people really knew what it was).

General Data Protection Regulation

The European Union has introduced a new regulation to defend the privacy of its citizens and its "code name" is General Data Protection Regulation (or GDPR), a regulation published in the Official Journal on May 4, 2016. The push to update the regulation is mainly due to the advent of the Internet and the consequent desire of the E.U. to introduce security measures aligned with current times, as well as the desire to raise the bar of protection tout court.

The new European Privacy Regulation will officially go into effect on May 25, 2018, and beware because this is not a disruption from the existing legislation. In fact, this regulation is a supplement that does not replace but implements the framework of privacy protection laws already in place.

It all stems from the need to control and protect the user against the vast network of the Internet that has allowed organizations to invent numerous methods of using (and abusing) people's data.

Increased control

The GDPR seeks to address this problem by giving people more control over how organizations use their data. It is to be enforced by businesses, individuals, courts and authorities. In addition, EU Regulation 2016/679 (General Data Protection Regulation) applies not only to citizens of the European Union but also to entities that reside outside member countries.

One of the big changes that will be made is in Privacy by Design and by Default, where the data controller must ensure that it puts in place "appropriate technical and organizational measures to ensure that only personal data necessary for each specific purpose of processing is processed by default." Let's open a small parenthesis on this: a user's personal data means anything that falls under the Data Protection Act (including online identifiers such as IP addresses in personal data).

Every person has the right to access any information a company holds about them and the right to know why the data is being processed, how long it is stored, and who can see it. A strong innovation is in the user's right to request that their data be deleted if it is no longer needed for the purpose for which it was collected: this is known as the "right to be forgotten."

Finally, Article 37 of the text specifies the designation of the DPO - Data Protection Officer. Through GDPR 2018 certifications and the acquisition of "vignettes" guaranteeing the correctness of Data Processing, the European Data Protection Supervisors will recognize the company or public entity as compliant with the new GDPR 2018 Regulations.

Failure to comply with the new European Privacy Regulation carries penalties of varying degrees but can become extremely onerous.

You can download the full regulations from this site.
