General Data Protection Regulation (GDPR)
《General Data Protection Regulation (GDPR)The GDPR is the strictest privacy and security law in the world. Although it was drafted and adopted by the European Union (EU), it imposes obligations on organizations anywhere as long as they target or collect data related to people in the EU. The regulation came into effect on May 25, 2018. The GDPR imposes severe fines for those who violate its privacy and security standards, amounting to tens of millions of euros.
With more and more people entrusting their personal data to cloud services and data breaches occurring every day, Europe has demonstrated its firm stance on data privacy and security through GDPR. The regulation itself is large, far-reaching, and fairly sparse on specific details, making GDPR compliance a daunting prospect, especially for small and medium-sized enterprises (SMEs).
History of GDPR
Privacy is 1950 European Convention on Human Rights, which states: "Everyone has the right to respect for his private and family life, his family and his correspondence." On this basis, the EU seeks to ensure the protection of this right through legislation.
As technology advanced and the internet was invented, the EU recognized the need for modern protection. So it adopted the European Data Protection Directive in 1995, establishing minimum standards for data privacy and security, on which each member state built its own implementing laws. But the internet has become the data hoover it is today. In 1994, the first banner ad appeared online. In 2000, most financial institutions launched online banking. In 2006, Facebook opened to the public. In 2011, a Google user sued the company for scanning her emails. Two months later, the European Data Protection Authority announced that the EU needed a "comprehensive approach to personal data protection" and began work to update the 1995 directive.
The GDPR came into force after being passed by the European Parliament in 2016, and from May 25, 2018, all organizations must comply.