The world over, privacy concerns seem to dominate the mainstream discourse. Recent events of mass scale privacy breaches like the one seen in Cambridge Analytica incident expose the sophistication of data gathering on the one hand, and the vulnerabilities in extant technologies and businesses on the other. It is inevitable that legislation and regulation all over the world would seek to protect privacy. Any such legislation would have to balance the concerns of the individual, technological advances, and the political and commercial realities of the world.
The European Union seem to have taken a massive initiative in this regard. The General Data Protection Regulation (“GDPR”) comes into effect today. The GDPR provides for some very drastic and cost-intensive changes from the European Union’s erstwhile data protection law – the Data Protection Directive 95/46/EC and impacts not only businesses and entities in the EU but also businesses and entities wherever in the world situated, offering goods or services to any person or entity in the EU. This would mean that almost every organization, big or small, in the world which is deals with residents of the EU must comply with the GDPR.
In this brief note we have summarised some of the key provisions of the GDPR to present a general overview.
