Wednesday, July 14, 2021

GDPR 2021: A Review and Roundup

The General Data Protection Regulation (GDPR) was enacted on May 25, 2018, in response to the need for updated and uniform data protection and privacy laws in the European Union (EU) and the European Economic Area (EEA). The GDPR provides individuals with control over their personal data and streamlines international business practices.

How the GDPR Relates to Older Legislation

The 3-year-old GDPR supersedes the EU’s Data Protection Directive (Directive 95/46/EC) from 1995 and the U.K.’s Data Protection Act 1998. These directives dealt with the protection, lawful processing, and handling of personal data, but they reflected the technological capabilities of their time. They were no longer in line with current technological advancements, which prompted the need for the GDPR. Note that the U.K.’s Data Protection Act 2018 complements the GDPR.

Six Data Protection Principles

The GDPR cites six protection and accountability principles that must be complied with (Articles 5–11). Personal data must be:
  1. Processed lawfully, fairly, and transparently
  2. Collected for legitimate purposes specified to the data subject at the time of collection
  3. Limited only to what is necessary
  4. Accurate and kept up-to-date
  5. Stored only as long as necessary
  6. Processed in such a way that ensures the appropriate levels of security, integrity, and confidentiality.