A good number of local companies are going to be impacted by GDPR
“In the wake of Facebook and Cambridge Analytica data security breaches, the EU has brought into force one of the most sweeping extra-territorial legislation on privacy. The EU’s General Data Protection Regulations (GDPR) are expected to come into force as from 25th May 2018. The main objective of GDPR is to protect the ‘data subject’ in the EU, that is, a person living in the EU, from data privacy breaches. A key provision of the regulations is that companies will have to offer explicit opt-in consent notice presented in clear, easy-to-understand language, before collecting and handling EU users’ data.”
Source: Why EU’s data privacy rules matter for Kenyan businesses
What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is a regulation that was adopted by the European Union in 2016 and became effective on May 25, 2018. The regulation replaced the previous Data Protection Directive and applies to all organizations that process personal data of EU residents, regardless of the organization’s location. The GDPR aims to protect the privacy of individuals and give them more control over their personal data.
Under the GDPR, personal data refers to any information that can be used to identify a person, such as a name, email address, phone number, IP address, or even a social media post. Organizations that process personal data must comply with a set of rules and principles regarding data processing, such as obtaining consent from individuals before collecting and processing their data, providing clear and concise information about the purpose of the data processing, implementing appropriate security measures, and reporting data breaches to the relevant authorities and individuals.
The GDPR also grants individuals a number of rights, including the right to access their personal data, the right to rectify inaccurate data, the right to erasure of their data, the right to restrict processing, and the right to data portability. The regulation also imposes significant penalties for non-compliance, including fines of up to 4% of an organization’s annual global revenue or €20 million, whichever is greater.