What is the GDPR?
The General Data Protection Regulation is a European Union law that was implemented May 25, 2018, and requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory. The regulation includes seven principles of data protection that must be implemented and eight privacy rights that must be facilitated. It also empowers member state-level data protection authorities to enforce the GDPR with sanctions and fines. The GDPR replaced the 1995 Data Protection Directive, which created a country-by-country patchwork of data protection laws. The GDPR, passed in European Parliament by overwhelming majority, unifies the EU under a single data protection regime.
Who must comply with GDPR?
Any organization that processes the personal data of people in the EU must comply with the GDPR. “Processing” is a broad term that covers just about anything you can do with data: collection, storage, transmission, analysis, etc. “Personal data” is any information that relates to a person, such as names, email addresses, IP addresses, eye color, political affiliation, and so on. Even if an organization is not connected to the EU itself, if it processes the personal data of people in the EU (via tracking on its website, for instance), it must comply. The GDPR is also not limited to for-profit companies.
What are the GDPR fines?
The GDPR allows the data protection authorities in each country to issue sanctions and fines to organizations they find in violation. The maximum penalty is €20 million or 4% of global revenue, whichever is higher. Data protection authorities can also issue sanctions, such as bans on data processing or public reprimands.
Does the GDPR require encryption?
The GDPR requires organizations to implement “appropriate technical and organizational measures” to secure personal data and provides a short list of options for doing so, including encryption. In many cases, encryption is the most feasible method of securing personal data. For instance, if you regularly send emails within your organization that contain personal information, it may be more efficient to use an encrypted email service than to anonymize the information each time.
Consent support (From Google)
The GDPR introduces significant new obligations for the ecosystem, and the changes we announced to our EU User Consent Policy reflect this. Under this policy, advertisers that implement remarketing tags are required to obtain consent from users for the collection of data for personalized ads and advertisers that implement conversion tags for measurement purposes are required to obtain consent for the use of cookies.
To address questions we have received from our customers, we have updated cookiechoices.org with examples of consent language and available third-party consent solutions.
If you use Google advertising products that receive data from your site or app, we encourage you to link to How Google uses information from sites or apps that use our services, which explains how Google manages data in our ads products. Doing so will meet the requirement of our updated EU User Consent Policy to give users information about Google's uses of their personal data.