What is the GDPR?

I’ve received at least a couple dozen emails from services about privacy protocols in the last few days (if you haven’t received any, or haven’t even heard of the GDPR, you barely use any of the major web services on the planet).
So what exactly is this GDPR?

Introducing the GDPR

The GDPR was officially introduced by the European Union on 25 May 2018.

The Regulation is the biggest change in data protection legislation in almost three decades and aims to strengthen the protection of personal data and privacy of people living in the EU. In addition, it will simplify the regulatory framework for multinational enterprises by harmonizing data and privacy regulations. It will replace the Data Protection Directive, which was enacted in 1995.

The 1995 Data Protection Directive is the EU version of the Privacy Shield. Its main objectives include harmonizing data protection legislation and regulating the transfer of personal data to "third countries" outside the EU. In addition to a number of other measures, each of the member states has established its own independent public authority to oversee the implementation of the directive and to act as a supervisory authority for interaction with businesses and citizens. Overall, the Directive is consistent with the original recommendations of the Organisation for Economic Co-operation and Development (OECD) and the core concept of privacy as a fundamental human right.

While the Data Protection Directive is intended to unite the legislation of non-aligned countries, it is only a directive, and when transposed into the independent laws of each country, it retains a certain degree of effectiveness but leaves room for interpretation. This, coupled with the rapid changes in today's data landscape, especially the rise of social platforms such as Facebook, LinkedIn and cloud technology, will certainly escalate the regulatory environment in the EU. The upcoming GDPR is a larger piece of legislation and is immediately enforceable in all member states.


Regulations vs. Directives

An important feature of this change is that the EU GDPR is a regulation replacing a directive. The Regulation is directly applicable in all EU member states, while the Directive gives each member state the discretion to decide on the implementation of data protection laws. Thus, in addition to strict data and privacy protection, the implementation of the regulation will simplify the regulatory framework by harmonizing data and privacy regulations across the EU. For multinational companies, this will help eliminate inconsistencies in local laws and reduce administrative costs and burdens when dealing with multiple data and privacy protection authorities.

Increased penalties

The GDPR will continue to be enforced through regulators and the courts, with criminal and administrative penalties in addition to civil remedies. However, according to the International Association of Privacy Professionals, the GDPR increases administrative fines to up to 20 million euros or 4% of a company’s annual turnover, depending on the case.

The new extended jurisdiction will affect Chinese companies operating in the European Union.

An important feature of the Regulation is the new extended jurisdiction, which may affect businesses outside the EU. The new regulation applies to businesses that provide goods and services to individuals in the European Union, or monitor the behaviour of individuals (such as operators of commercial websites or mobile applications). The regulation will affect many Chinese companies.

According to, these conditions are defined as “a specific and explicit expression of the will of the data subject to give his or her consent, either by means of a declaration or a clear affirmative gesture, in an informed and autonomous manner, by doing so, they consent to the processing of personal-related data…”

Establishes new rights

The EU GDPR also creates two new rights of personal privacy, the “right to erasure” and the “right to data portability”. The right to erasure is an extension of the “right to be forgotten” and gives individuals the right to request the deletion of their personal data. The right to data portability, on the other hand, gives the individual easier access to his or her data. Individuals can request the transfer of their data from one provider to another. This type of data transfer will create more convenience for the individual and more competition between suppliers.

How to ensure compliance

The GDPR applies not only to businesses within the European Union, but also to businesses outside the European Union - if they provide goods or services to data subjects within the European Union, or if they monitor their activities.

Many businesses have not previously complied with EU data and privacy laws, and many of the details (such as scope and implementation) are unclear. Businesses that operate in the EU, or that provide goods and services to European individuals or monitor their activities, can prepare in advance for next year by taking the following steps.

- An in-depth reading of the GDPR based on available information.
- Understanding the broad scope of personal data under the GDPR regulations.
- Create documents to update or review personal information and security measures.
- Create documentation to update or review policies and procedures for breach reporting, incident reporting and risk assessment in accordance with the GDPR.
- Create, update or review any necessary contract and agreement language.
- Determine whether using a cloud-based HR or payroll provider will help your company mitigate compliance risks.

HR leaders need to be aware that Chinese citizens residing in Europe will be protected by the GDPR, while EU citizens residing outside the EU will not be protected by these regulations.

While many companies have already adopted data and privacy measures to comply with the Data Protection Directive, the GDPR contains new protections that apply in the wider sector, including businesses in and outside the EU; this will require additional compliance measures. Companies must act quickly to prepare for the entry into force of the GDPR in May 2018.


Yet there will always be some non-conformists on the planet who can deny basic values, who can withdraw from European markets in order not to comply with the GDPR.

Of course the next day it got so big, the CEO of the company came out and washed his hands of the following.

But what’s the point? These users who do not care about the privacy of a certain country will not continue to use the