From today, the new European law on the protection of personal data, the General Data Protection Regulation (GDPR), comes into force. According to him, citizens of the European Union and those who are on the territory of the EU, will have full control over their personal data.
The introduction of the law began to be prepared long before he earned, and to implement it the companies approached as responsibly as possible. How can there be a fine of 20 million euros or costs up to 4% of the company’s annual turnover for violation of the GDPR?
The catalyst for the adoption of the law was, among other things, a large-scale leak of data from users of the social network Facebook.
According to the text of the GDPR, personal information refers to any information relating to an individual, and on which you can directly or indirectly identify it.
This can be a name, identification number, location data, characteristic of physical, mental, cultural, economic, genetic or social factors. IP-address and cookies are also included in the list of GDPR.
A company that collects and uses such data is called a data operator. He (the operator) is required to obtain a clear physical consent to their collection and processing from a person. That is, before sending a mass mailing, the company should be able to confirm that you physically committed some action confirming the desire to receive letters.
What is interesting is that the law works absolutely for all users who are on the territory of the EU. Even if you have a Russian passport, and you went on a trip to France, the GDPR also acts on you. In the territory of the euro area, your personal data is protected. At least, so the law itself is treated.
In Russia, it has its own law “On Personal Data” and its domestic companies have adhered to for a long time. Sberbank and VTB already expressed their readiness to support the initiative of the GDPR. [ Vedomosti ]