If the GDPR is news to you, you’re probably wondering when did GDPR go into effect and how it applies to your company’s practices.
The General Privacy Data Regulation is designed to protect sensitive data of European Union (EU) residents. If your business collects, stores or processes consumer data from the EU, you must be GDPR-compliant—or face fines up to 20 million pounds.
Here’s an overview of the GDPR’s history and what it means for you.
History of the GDPR
The GDPR officially went into effect in 2016, but European Union member states had until May 25, 2018 to fully implement GDPR policies.
Privacy rights have been recognized for decades now. The 1950 European Convention on Human Rights stated, “Everyone has the right to respect for his or her private and family life, his or her home and correspondence.” The GDPR is a direct response to these recognized rights.
In 1995, the European Data Protection Directive (Directive 95/46/EC) on the protection of individuals with regard to the processing of personal data and on the free movement of such data was adopted. This paved the path for stricter GDPR regulations.
According to GDPR.eu, “As technology progressed and the Internet was invented, the EU recognized the need for modern protections. So in 1995 it passed the European Data Protection Directive, establishing minimum data privacy and security standards, upon which each member state based its own implementing law. But already the Internet was morphing into the data Hoover it is today. In 1994, the first banner ad appeared online. In 2000, a majority of financial institutions offered online banking. In 2006, Facebook opened to the public. In 2011, a Google user sued the company for scanning her emails. Two months after that, Europe’s data protection authority declared the EU needed ‘a comprehensive approach on personal data protection’ and work began to update the 1995 directive.”
The original GDPR regulations were initially discussed in June 2011. Previous e-privacy laws were considered insufficient for the changing times. The European Data Protection Supervisor published an opinion on the European Commission’s Communication.
Over the next five years, the regulations were refined and reviewed until the entire EU approved. The GDPR was adopted in 2016, and went into effect on May 25, 2018.
When Did the GDPR Become Enforceable?
All countries had until May 25, 2018 to become GDPR compliant. Because the regulations determine how companies can collect, store and process data, any companies directly doing business in the EU or tracking consumer information in the EU are subject to enforcement.
Today, you are required to comply with the GDPR—even if you don’t intend to do business in the European Union. Depending on the nature of your data collection and processing, the GDPR regulatory authorities are allowed to enforce the law, no matter where you’re located. Websites that use tracking cookies or collect emails for marketing purposes could run afoul of the law.
Tips for Staying Compliant
Find solutions with SixFifty
SixFifty’s legal technology makes it simple to keep up with GDPR regulations. Instead of hiring outside counsel, we make expert legal help accessible to everyone within just a few clicks of the mouse.
Free up your legal department’s valuable time, and let everyone focus on their unique talents. If you’re ready to get started or have further questions, schedule a demo with SixFifty today.