What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is a regulation of the European Commission for the protection of data in the European Union. This regulation also regulates the flow of personal data outside the EU. Its main objective is to protect the privacy of EU citizens and to standardize the data regulation rules of the EU member states. Its rules also apply to members' police and military procedures.
The General Data Protection Regulation will replace the Data Protection Directive introduced in 1995. The General Data Protection Regulation was adopted on April 27, 2016 and is to be implemented on May 25, 2018. The two-year gap will allow any transitions to the regulation.
The General Data Protection Regulation will extend the scope of the applicable data protection regulations to all countries that use personal data of EU citizens. This also applies to foreign countries that use data from EU countries. The data protection laws in all EU countries will be merged, which will enable easier and more efficient data protection and more compliance.
However, the regulation has become even stricter than originally planned, and non-compliance will result in a penalty of up to four percent of sales. Initially it was five percent, but it was reduced after negotiations between the European Parliament, the Council of Ministers and the European Commission. While this law will greatly benefit citizens, it will also face many challenges in implementing it. The main challenge will be for companies to update their practices in line with regulations.