Taking effect as of May 25th this year, these changes include strict fines throughout the EU for breach in data security and more power afforded to citizens regarding what companies can do with their private data.
Designed to protect consumers, the new regulations of GDPR aim to protect customer data in the new digital environment. With these new regulations in place it should be easier for businesses to gain and hold consumer trust.
There are two parties responsible for data security, they are ‘The Controllers’ and ‘The Processors’. The Controllers are the entities that determine the methods and reasons for gathering user data. The Processors are the IT firms that handle the technical functions that processes the data. The new regulations the GDPR will enforce affect both controllers and processors that handle the personal data of EU residents, regardless of whether the controlling or processing parties are based in Europe or abroad. All online businesses and platforms that accept customers or members will be affected by these new laws.
Processors hold full and even partial responsibility for a data breach and will be penalised much more strictly with this regulation than the previous Data Protection Act. The Processor will bear most of the blame regardless of the actual source of the breach.
For more information visit: http://www.ukssa.org.uk