Digital Workplace

General Data Protection Regulations

On April 14th 2016, the European Parliament approved the General Data Protection Regulation (GDPR) which is to come into effect on May 28th 2018.


The GDPR will replace the Data Protection Directive (Directive 95/46/EC) as the primary law regulating the use of personal data of citizens of the European Union by companies. The GDPR specifies the material and territorial scope of its provisions, the penalties that may be incurred by companies and the conditions for consent that must be met by companies. The rights of a data subject are also defined by the GDPR. The important aspects of the regulation are given below:

  • Scope of the GDPR: The GDPR is to be adhered to by any company that uses the personal data of any user in the European Union. The actual location of the company and the location where the processing occurs are irrelevant.

  • Penalties: Maximum fines of 4% of annual global turnover or €20 Million, whichever is greater, may be imposed on companies that violate the GDPR. A tiered system of fines is defined to address violations of different severities.

  • Conditions of Consent: Consent from the data subject is required if personal data is to be processed and the consent must be easily withdrawn. Long and complicated Terms and Conditions forms will no longer be permitted.

  • Rights of the Data Subject

    • Breach Notification Obligation

    • Right to Access Information on Use of Personal Data

    • Right to be Forgotten

    • Right to Data Portability

    • Privacy by Design

    • Service of Data Protection Officers

© 2019 Created by Teaching Through Technology at Grand Valley State University  |  Terms of Use  |   Privacy Policy