GDPR - a brief history
On 25 May 2018, the General Data Protection Regulation (GDPR) replaced the Data Protection Directive (95/46/EC). Up until then, 28 different national laws – implementing the Data Protection Directive – governed data protection matters in the EU.
However, since 1995, the internet has grown immensely and the way data is being used, collected and stored has fundamentally changed
Data is everywhere
Therefore, a revision of the Data Protection Directive was long overdue. This time, the EU opted for a regulation instead of a directive. This means that the GDPR – as one unified data protection regulation – directly applies in all EU member states, harmonising national data protection laws across the EU.
Although GDPR-compliance is still widely perceived as an administrative burden by many companies, there is also a reverse side to the coin: it creates new business opportunities and value in the future digital economy.
Take back control – as its primary objective, the GDPR strives to give back the control of personal data to all citizens in the EU. Therefore, improving their overall sense of trust and security.
GDPR in the Digital Age - by simplifying the monitoring environment for international businesses, through the standardisation of the regulation within the EU, the GDPR facilitates the international data flows.
A fair competition - by creating the same set of rules between companies established in the EU, and those based outside the EU, the GDPR puts an end to distortion of competition.
The most important novelties introduced by the GDPR:
Extended territorial scope;
New basic principles;
New obligations – for processors too;
New rights for data subjects;
Rules on children’s consent;
High fines – up to 20 million or 4% of the total worldwide turnover.