The GDPR, which stands for "General Data Protection Regulations", is a general, binding law issued by the EU that governs privacy in businesses.
Officially enforced in the European Union on May 5 and officially launched in the European Union on May 6, 2009, it imposes heavy fines on businesses that do not comply with these laws: they will pay the equivalent of 2 million euros (or 2% of the company's annual revenue).
Many articles on Medium have pointed out that in the past six years, privacy laws have never seen such positive and significant growth, and it is hoped that with these laws we will see a safer environment for users in the European Union.
The document states which information privacy requirements businesses will have to comply with if they intend to process or share their customers' information for a variety of purposes, as well as what rights users of different systems will have under the new laws.
The previous EU privacy (information) laws were enacted in the EU in year 2, along with the UK version of that year.
Obviously, the laws of those years were based on the technologies of that timeframe and on the conventional ways of using information. They did not anticipate the arrival of new data generated by different sensors, such as IoT devices or mobile phones, and by different methods. This allowed various companies to exploit user information in their own interests with specific, profitable policies.
What is the GDPR's new definition of personal data, and under what concepts is it categorized?
This document addresses concepts such as "personal data" and its meaning. Personal data refers to data by which a person can be directly or indirectly identified, which can include a person's name, mobile phone number, specific physical characteristics, psychological characteristics, or any other attribute by which one can be identified.
The new document also refers to a specific set of personal information called "Special Categories", which includes data such as nationality, religion, skin color, the user's views on political issues, and so on. All of this is part of personal information.
The old law on the protection of user information (in the EU), which was formulated and enforced in year 7, did not contain any provision aimed at protecting the information of European users from companies outside the Union that work with their information. The new version of GDPR does, and it will take effect in May
Personal data cannot be processed without users' permission.
Under the previous rules, companies could process users' data without this being a responsibility for them. Under the GDPR the situation is different: companies have to report clearly what processing they are going to do and what the results are intended to be used for. They will also face heavy penalties for failing to comply with GDPR laws, and there will be a risk that they will be involved in civil cases, which will increase their vulnerability to failure in various cases.
Published information about companies that have a lot of users around the world (especially IT companies) sometimes shows that they do not report a partial or complete leak of their database when it occurs, and soon after that the issue is accidentally published in the media (such as the Yahoo and Facebook company data leaks of year 2). The reason is that if such an event is reported at the time, the brand's reputation and stock price will be challenged. Companies that are subject to GDPR laws must report events such as leaks or unauthorized access to information (such as hacking or loss of information, etc.) immediately, as soon as they occur, so that the penalty of the law is not very heavy.
Fines for offending companies
If companies fail to comply with the GDPR rules, and are found to have failed to properly enforce the law or to have violated it, and their data is illegally leaked, they will have to pay a fine of between 2% and 3% of their annual income or up to €5m.
The main purpose of the new EU GDPR legislation is to establish a new approach to personal information, one which shows that data protection is more important than ever.
Information Protection Officer
According to the rules set out in the GDPR, companies are required to have a DPO in charge of protecting users' information in their organization. The DPO oversees the different parts of the organization (the entire organization) and ensures that GDPR rules are properly observed to protect the personal information of people in EU Member States.
EU users' right to own their information
Under the new law, people in the EU can make requests to the companies that maintain and process their data, and those companies will be required to provide them with the information needed to meet their needs.
The right to receive information
After any request for data, businesses should be as clear as possible about how the data is processed, who processes it, and where it may end up. People should also be able to communicate with the data controller about any request they may have.
People who wish to review the use of their data have the right to access this data and confirm the legality of its use.
Right to amend
Data subjects have the right to correct any incorrect information stored about them quickly, unambiguously and without undue delay.
The right to erase
This right is also known as the "right to be forgotten". There are a number of legitimate reasons for which a data subject can request the erasure of their personal information:
– Their data is no longer needed.
– The data was processed illegally, in which case a person can request that their data be cleared from the processor.
– The processing of the information has been declared illegal.
– The information is about a child (and may be used in the future).
Right to limit processing
This right applies in similar circumstances to the right to erase. A natural person may request that a restriction be imposed on the processing of their data.
The right to access data
According to GDPR rules, individuals can also request their information held by third-party companies.
The right to oppose and protest
People can request that their data not be used by companies for direct marketing. There are also various other grounds for objecting to legal use or to the use of historical and scientific information.
Automated individual decision making
Various information about users (e.g. shopping habits, residence, etc.) is generally used by automated decision-making systems to provide relevant results. With the enforcement of GDPR data protection laws, users can request that these systems not use this data.
Assessing the Impact of Data Processing
Data processing under GDPR rules will only be permitted for organizations that have evaluated the following items:
– Impact of information processing on the requested topic for information processing
– Technical processes (to assess whether these processes are occurring)
– Security measures to protect personal information