General Data Protection Regulations or GDPR is the new Privacy Protection Regulation adopted on 27th April 2016 by the European Union in replacement of the earlier Data Protection Regime. The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The new Data Protection Act 2018 replaces the 1998 Data Protection Act.
The nucleus of the GDPR is to protect the personal data and privacy of all citizens in the EU. It makes companies accountable for the data it collect, store, analyse and use. The development will not only change the business landscape in the EU but also influence global markets and multinationals.
These privacy regulations which come with restrictions on non-transferability of EU data to non-compliant countries make it highly relevant for countries outside EU also as it could make or mar the data processing industry.
What distinguishes GDPR from the earlier regulations is the high level of penalties envisaged under the regulation which may go upto Euro 20 million (approximately Rs 140 crores) or 4% of global turnover of a company and will be applicable even for Non EU based companies.