JMC DIGITAL MEDIA 

Video & Photographic Solutions

WHAT IS GDPR?

For those unfamiliar with it or those coming to it fresh, the EU General Data Protection Regulation (GDPR) is the most important change in data protection legislation in the last 20 years.


The legislation was approved by the EU on the 14th April 2016 and became enforceable from the 25th May 2018.

On this day, GDPR replaced the previous Data Protection Directive 95/46/EC.


The main thrust of the new legislation is to standardise data protection laws across all EU states and enforce a new approach on how organisations handle personal data.


GDPR key changes;

Ultimately, the aim of GDPR is to protect EU citizens from privacy and data breaches in an increasingly globalised world where technological advances have allowed the sharing of data on an unprecedented scale.


Although the key principles of data protection from the former Data Protection Directive 95/46/EC are still relevant, many changes have been made to the regulatory policies.

In brief, these are;


Increased Territorial Scope (extra-territorial applicability)

The biggest change that new legislation introduced is the extended jurisdiction of the GDPR, as it applies to all businesses who process personal data of subjects residing in the EU, regardless of the organisation’s location.


Penalties

Under the legislation, organisations in breach of GDPR can be fined up to 4% of their annual global turnover or €20 Million (whichever is greater).


This is the maximum penalty that can be applied to an organisation that flouts the core directives.

There will be a tiered system of penalties applied to lesser misdemeanours, but these penalties will still be severe.


Consent

The granting and withdrawal of consent has been improved for EU subjects.

The granting of consent will no longer be camouflaged under legal jargon, buried within a data controller’s terms and conditions.


The consent granted will be clearly cross referenced with the data for which it was requested.


An EU subject will also have the ability to withdraw their consent from a data supplier without difficulty.