What is GDPR? Definition

The General Data Protection Regulation (GDPR) is a comprehensive EU data protection law that came into effect on May 25, 2018. The GDPR replaces the 1995 EU Data Protection Directive. It strengthens EU data protection rules by giving individuals more control over their personal data, and establishing new rights for individuals. The GDPR applies to any company that processes the personal data of EU citizens, regardless of whether the company is based inside or outside of the EU. Companies that process the personal data of EU citizens must comply with the GDPR unless they can demonstrate that they meet certain conditions.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation of the European Union (EU) that became effective on May 25, 2018. It strengthens and builds on the EU’s existing data protection framework and replaces the 1995 Data Protection Directive.

The GDPR sets out the rules for how personal data must be collected, processed and stored by organizations operating in the EU. It also establishes new rights for individuals with respect to their personal data. Finally, it creates enforcement mechanisms to ensure that data controllers comply with the GDPR.

Organizations that process personal data must take steps to protect individuals’ rights and adhere to principles of data minimization and purpose limitation. They must also provide individuals with certain information about their rights under GDPR, as well as contact information for the organization’s Data Protection Officer.

Under GDPR, personal data must be:
– Legitimate and necessary for the purposes for which it is being processed.
– Accurately and carefully collected.
– Processed in a transparent, consistent and fair manner.
– Erased or destroyed where no longer necessary and subject to regular monitoring.

Organizations that process personal data must disclose their contact information to individuals upon request. They must also inform individuals of their right to access their personal data, as well as their right to have that data erased in certain circumstances.

The Different Types of Data

There are four different types of data that are regulated by GDPR: personal data, special categories of personal data, criminal convictions and offenses data, and children’s data.

– Personal data is any information that can be used to identify a natural person. This includes names, addresses, ID numbers, IP addresses, genetic information, and more.

– Special categories of personal data include information about race, ethnicity, political opinions, health, sex life, and religious beliefs.

– Criminal convictions and offenses data covers anything related to a criminal offense that someone has been convicted of. This could include things like jail time served or probationary measures taken.

– Children’s data is any information relating to a child under the age of 16. This includes things like name, date of birth, address, school records, and more.

What GDPR covers

The General Data Protection Regulation (GDPR) is a set of regulations that member states of the European Union must implement in order to better protect the privacy of digital data. The regulation is also known as the EU Data Protection Regulation, Reg. No. 765/2016.
It replaces the 1995 Data Protection Directive (95/46/EC), which was passed before the advent of digital data and did not take into account advances in technology.

The regulation sets out strict rules about how personal data must be collected, used, and protected. It gives individuals the right to know what personal data is being collected about them, the right to have that data erased, and the right to object to its use.

The regulation applies to any company that processes or intends to process the data of individuals in the EU, regardless of whether the company is based inside or outside of the EU.

The Consequences of Non-Compliance

There are a number of consequences that can arise from non-compliance with GDPR. These include:

• Fines – Companies can be fined up to 4% of their global annual revenue or €20 million (whichever is greater) for serious breaches of GDPR.

• Reputational damage – Non-compliance with GDPR can damage a company’s reputation, particularly if it is made public that they have been fined for breaching the regulation.

• Loss of customers – Customers may choose to take their business elsewhere if they feel that a company is not taking their data privacy seriously.

• Legal action – Individuals who have had their data breached may take legal action against the company responsible.

How to Comply with GDPR

The General Data Protection Regulation (GDPR) is a set of regulations that member states of the European Union must implement in order to protect the personal data of individuals within the EU. The regulation is also known as EU Data Protection Regulation, Reg. No. 765/2016.
It replaces the Data Protection Directive (95/46/EC), which was passed in 1995 and did not take into account advances in technology.

The regulation applies to any company that processes or intends to process the personal data of individuals in the EU, regardless of whether the company is based inside or outside of the EU. Companies that process the personal data of EU citizens must comply with GDPR unless they can demonstrate that they meet certain conditions.

There are a number of steps that companies can take to comply with GDPR:

1. Appoint a Data Protection Officer:
Under GDPR, all companies that process or intend to process the personal data of individuals in the EU must appoint a Data Protection Officer (DPO). The DPO is responsible for ensuring that the company complies with GDPR and for providing information to individuals about their rights under GDPR.

2. Implement Appropriate Technical and Organizational Measures:
Companies must implement appropriate technical and organizational measures to protect against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. These measures should take into account the state of the art, the cost of implementation, and

Conclusion

The General Data Protection Regulation (GDPR) is a new EU data protection law that came into effect on May 25, 2018. The GDPR replaces the 1995 EU Data Protection Directive. It strengthens EU data protection rules by giving individuals more control over their personal data, and establishing new rights for individuals. Businesses that process personal data must comply with the GDPR. Failure to comply can result in fines of up to 4% of a company’s global annual revenue or €20 million (whichever is greater).

© 2024 oboloo Limited. All rights reserved. Republication or redistribution of oboloo content, including by framing or similar means, is prohibited without the prior written consent of oboloo Limited. oboloo, Be Supplier Smart and the oboloo logo are registered trademarks of oboloo Limited and its affiliated companies. Trademark numbers: UK00003466421 & UK00003575938 Company Number 12420854. ICO Reference Number: ZA764971