When the European Data Protection Directive was introduced in 1995, lawmakers were addressing the risks posed to personal data that existed during the formation and early years of the Internet. To ensure that the protection of personal data remains a fundamental right for EU citizens GDPR aims to modernize outdated, and unfit-for-purpose privacy laws.
The impact of GDPR is significant as it affects any business that collects data in Europe (whether they are based in Europe or not). It has effectively introduced the first global privacy standard. GDPR puts a greater weight of responsibility on individuals and organizations whose businesses involve the collection of personal data and requires those businesses to give individuals greater visibility into and control over the data they provide to those businesses. GDPR also provides greater protections for EU citizen data by imposing strict obligations on data handling, while making businesses more accountable for how they handle data. Very significant fines of up to €20,000,000 or 4% of global annual turnover, whichever is greater, may be levied on organizations who fail to meet their obligations concerning handling data under GDPR.
