“The digital future of Europe can only be built on trust. With solid common standards for data protection, people can be sure they are in control of their personal information”  -Andrus Ansip.


In 12th January 2012, the European Commission laid out proposal for data protection regulation across the European Union in order to make Europe ‘fit for the digital era’. Only after four years the agreement was reached and Data protection laws were enforced.

GDPR framework will serve as inspiration to all member-states and will have implications for businesses and individuals across Europe, and beyond.


The General Data Protection Regulations are precept on data safety and privacy for all individuals within the European Union  and the European Economic Area. GDPR is a new set of rules constructed to give citizens of EU more control over personal data. GDPR directs to give supervisory control to citizens on their personal data and also simplifies the environment for international business.

The regulations are designed in such a way so as to protect personal data, privacy and consent across Europe.

In today’s world every aspect revolves around data. From Government to Corporates, Banks to Retailers, almost every services revolves around data. Thus its protection is also equally important. GDPR gives the scope for this protection. Let us learn more about GDPR in this article.

GDPR compliance

Data breaches are ineluctable. Information may get into the hands of the people who never intended to see it and may have malafide intent.

Not just the organizations but those whose collect and manage data are liable for any misuse and exploitation. They have to face the penalties for the same.

GDPR applies to

Any organization operating under the ambit of EU, also to organizations outside EU which offer goods or services to customers or businesses in the EU. Today Major Corporation in the world will have to start working on GDPR compliance strategy or something similar on those lines else they will be backward in data regulation compliance.

Two data handlers to which the legislation applies are:

  1. Processors
  2. Controllers

The definitions of Processors and Controllers is well laid out in Article 4 of the General Data Protection Regulation.

  1. Controller is a person, agency or public authority which determines the purposes and means of processing of personal data. Controllers are forced to ensure that all contracts with processors are compliant with GDPR.
  2. Processor is the person, agency or public authority which processes personal data on behalf of controller. GDPR places legal obligations on a processor to maintain records of personal data and how to process it.

GDPR and Businesses

GDPR constitutes single set of rules for all companies doing business with EU. It means this legislation applies beyond the borders of EU.

Thus, by streamlining data legislation with GDPR, it can bring various advantages to businesses.

Ultimately by coordinating with GDPR, businesses shall create opportunities for themselves and encouraging innovation within the organization.

GDPR fines and penalties for non-compliance

Failure to accept GDPR can result in a fine ranging from 10 million euros to 4% of the company’s profit annual global turnover. It depends on severity of breach. The maximum of 20 million euros or 4% of worlds profit turnover whichever is larger. The data subjects include unauthorized personal data exchange, infringements of data rights of citizens, etc.

On the other hand lower fine of 10 million or 2% of worldwide profit turnover will be applied to companies who mishandles the data.


GDPR and Citizens relationship

  1. GDPR will help consumers the right to know when their database is being hacked. Thus, it becomes an obligation of the organization to report to EU citizens about the activity so that they take appropriate steps to prevent hacking.
  2. Right to be forgotten‘ process under GDPR, which provides rights and freedom to people who no longer want their personal data processed.

The information provided is clear and understandable. Consumers are promised easier access to their own personal data in terms of how it is processed.