General Data Protection Regulation: Issues of compliance and non-compliance
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection, designed to harmonize data privacy laws across Europe as well as to protect and empower all EU citizens data privacy. It was adopted in April 2016 and will come into effect on 25 May 2018.
The biggest change to current regulations of data privacy comes with the extended jurisdiction of the GDPR; as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location and whether the processing takes place in the EU or not.
The regulation also brings a new set of data subject rights, or digital rights, for EU citizens. These include among others the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose, and the right to be forgotten which entitles the data subject to have the data controller erase his/her personal data.
This story collects articles looking at what the new GDPR means for business and human rights in the digital economy and human rights concerns arising from non-compliance.