What Is It?
The EU General Data Protection Regulation (GDPR), adopted in 2016 and applicable from 25 May 2018, is one of the biggest changes in privacy regulation in decades and among the most far-reaching privacy laws ever enacted.
The 2018 reform reinforces data protection for individuals (data subjects) in the European Union (EU) and the wider European Economic Area (EEA), regardless of citizenship, and gives them control over their personal data.
The idea of the GDPR is to unify privacy law and set a single data protection standard for organizations operating in the EEA. Its reach is not limited to EU-based companies: under Article 3(2) it also applies to organizations outside the EU that offer goods or services to individuals in the EU, or that monitor their behaviour, regardless of where the data is processed. This means organizations globally, including US corporations, must comply with the GDPR when processing or storing data of individuals in the EU, and any transfer of that data out of the EEA must rest on a valid transfer mechanism. At the time the GDPR took effect, the EU-US Privacy Shield framework was one such mechanism for US companies; it was invalidated by the Court of Justice of the EU in July 2020 (Schrems II), so other safeguards such as Standard Contractual Clauses are now required for those transfers.
How Does It Apply?
To comply, you'll need to know how the GDPR defines personal data, where it's located in your business, how it's used, who can access it, on what legal basis it's processed, and much more.
Note: Personal data is any information relating to an identified or identifiable natural person (a "data subject"). This is broader than US notions of PII and includes identifiers such as names, ID numbers, location data, online identifiers (IP addresses, cookie IDs) and factors specific to a person's physical, physiological, genetic, mental, economic, cultural or social identity.
This means companies must build their processing around the key principles of Article 5:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation (data is deleted or anonymized once it is no longer needed)
- Integrity and confidentiality (data security)
- Accountability (being able to demonstrate compliance with the above)
Individuals under the GDPR have the rights to:
- Access their data
- Object to processing
- Rectification of inaccurate data
- Restriction of processing
- Data portability
- Erasure (the "right to be forgotten")
Failure to comply with the GDPR may incur some pretty hefty fines. For the most serious infringements (such as breaching the core principles, data subject rights or international transfer rules) fines can reach €20 million or 4 percent of the offending organization's total worldwide annual turnover for the preceding financial year, whichever is greater.
For other infringements (such as failures in record-keeping, security, breach notification or data protection impact assessments) the ceiling is halved to €10 million or 2 percent of total worldwide annual turnover, again whichever is greater.
GDPR-compliant privacy notices, as well as consent or authorization forms tailored to EU data subjects, are required when obtaining a consumer report on an individual in the EU. The GDPR has wide-reaching impact and is a complex subject. As such, companies should consult their own legal counsel and risk management teams and review the legislation thoroughly to determine their compliance responsibilities under the EU GDPR, as well as under the current FCRA, applicable state law and other international regulations.
*This article is for informational purpose only and Consumer Reporting Compliance Associates expressly disclaims any warranties or responsibility or damages associated with or arising out of information provided.*