What does GDPR stand for?
GDPR is short for General Data Protection Regulation. The regulation was adopted by the European Union in April 2016 and comes into force on 25th May 2018.
The new regulation replaces the previous 1995 EU Data Protection Directive. It is important to understand that in the EU legislative framework there is a difference between a law that is a "Regulation" and one which is part of a "Directive". The latter is guidance from the EU that is agreed as the basis for each country to implement in its own legislation. A regulation, on the other hand, has effect in each EU member state.
Does the GDPR mean huge changes compared to the previous directive?
The question is complex and requires a detailed answer. In brief, however, there will not be a huge impact on a business's operations, assuming the following:
- If a company is already applying high security standards and only saving and retaining data that is essential for the period that it is needed.
- If EU customer data is only saved with the consent of the Data Subject (i.e. GDPR speak for the person whose data is saved). Furthermore, the data should be deleted when no longer needed or on request from the Data Subject.
- If the data storage and retention and related policies are transparent to the Data Subject.
- If the data is stored in the EU and not also moved to other territories.