The principles of the General Data Protection Regulation are focused on the interests of personal data owners, introducing strict regulation and control over companies that collect user data.
According to the GDPR, an organization must obtain explicit permission from the user to collect and use personal data.
Basic principles of the GDPR:
The company must provide each user with information about what data is used and why. At the same time, the user has the right to refuse the transfer and further storage of data.
Every user has the right to change or delete information about themselves at any time.
Companies must designate a data protection officer.
In the event of a breach of the regulation or a data leak, companies must notify EU countries within three days.
Users have the right to receive information about the processing of their personal data. The responsible employee is obliged to provide the user with a copy of the information held about them, free of charge, upon request.
The right to be forgotten. Each user may at any time ask for their data to be deleted and for its dissemination and processing to stop.
The user can ask to transfer their data to another company.
Built-in algorithm. A mechanism for working with personal data should be added to the system at the design stage.
The need to obtain consent to process data for a specific purpose. If the same data is collected for several purposes, consent must be obtained for each of them.
Before the GDPR, IT companies allowed themselves to ignore the requirements for processing personal data to achieve their own goals. The GDPR dramatically increases the size of the fines. Systematic non-compliance with the new requirements will result in a fine of up to EUR 20 million or 4% of the company’s turnover for the previous financial year.
The increase in the amount of the fine is necessary to enforce compliance with the GDPR for those IT giants that might have chosen to pay fines rather than comply with the new regulations. It is expected that Google, Facebook and other corporations will be forced to comply with the new requirements.
Before a fine is imposed, a potential violator will be sent a letter demanding that they eliminate the violations. This will help honest small and medium-sized businesses avoid unnecessary costs.