You Need to Know! New General Data Protection Regulation (Shopify)
After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14 April 2016. The enforcement date is 25 May 2018, at which time organizations in non-compliance may face heavy fines.
What you need to know about the General Data Protection Regulation
What is the General Data Protection Regulation?
“The GDPR is a key step towards protecting the personal data of people and keeping the right to privacy in mind all the time. Complying with the new regulation is not easy for companies who store personal data in the cloud, but encryption simplifies the process a lot.”
At its core, GDPR is a new set of rules designed to give citizens more control over their data. It aims to simplify the regulatory environment for business so both citizens and businesses can fully benefit from the digital economy.
The reforms are designed to reflect the world we’re living in now and bring laws and obligations across Europe up to speed for the internet-connected age.
From social media companies to banks, retailers, and governments, almost every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more are all collected, analyzed and, perhaps most importantly, stored by organizations.
The GDPR is the most comprehensive data protection regulation to date, radically changing the way businesses should manage personal data.
GDPR and Encryption
The General Data Protection Regulation (GDPR) is a comprehensive data protection regulation. The GDPR obliges you to minimize the personal data you store and handle.
Access control, encryption, and client-side key management help you maintain full control over who sees what in your organization. Use our resources to learn more about GDPR and about the role encryption can play in reaching GDPR compliance.
Penalties
Under GDPR, organizations in breach of the regulation can be fined up to 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.
It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.
The GDPR is meant to update the standards to fit today’s technology while remaining general enough to protect the fundamental rights of individuals throughout future waves of innovation.