GDPR: what it is and what is new

From 25 May 2018 the new General Data Protection Regulation, the GDPR, will enter into force.
The new regulation on privacy will affect all the States of the European Union that by May 25 will have to adapt to the new rules.
The GDPR will replace the current Data Protection Directive 95/46 / EC, which dates back to 1995. The old code has not been repealed but steps have been taken to make it more suitable for the development of the digital market.
After several years of work by the European Commission and after the scandal involving Facebook and Cambridge Analytica, the new regulation consists of rules on the protection of personal data with the aim of guaranteeing total control over their data to European citizens. personal data and simplify the rules for companies that manage such data.
The most significant changes that have been made to the GDPR are basically 3:

- EXTRATERRITORIALITY: the new rules of the GDPR protect the data of all citizens residing in the European Union and are applied to all companies that offer goods and services, whether paid or not, and that monitor the behavior of individuals residing in the EU .
- SANCTIONS: Salary sanctions will be applied, which can even reach 20 million euros for all companies that will not comply with the regulation. A company is subject to sanctions if it does not have adequate policies to consent to the processing of personal data or uses them for purposes other than those that it has acquired.
- CONSENT: it is necessary that the user has given consent to the use of his data; companies that collect or process personal data must be clear to users to avoid any misunderstanding. The privacy conditions must be written in simple and understandable language. It is to declare how the data requested by the user will be processed.
- PORTABILITY: the user now has the right to transfer his personal data from one data controller to another.
- RIGHT TO HOB: the user can request, at any time, a holder, the cancellation of their personal data, if these have been made public or sold to third parties, subject to authorization, the holder is obliged to transmit the request for cancellation to all those who use them.

Companies will then have to guarantee users transparency, the purpose and use of data must be clear and the data controller is responsible for maintaining and protecting users' personal data.