In 2015, data protection is undoubtedly a major priority for companies and organizations of all sizes. As data breaches continue to increase in volume and frequency, organizations across the world have set out to better mitigate these risks and keep personal information safe. One such effort is the General Data Protection Regulation (GDPR), a regulation designed by the European Union (EU) to address issues surrounding the collection, retention, loss, and management of personal data.
The GDPR guidelines are centered on addressing:
- Retention, handling, and retrieval of data
- Proper data disposal/destruction
- Regulation compliance
- Risk assessments
- Breach reporting/repercussions
- Security measures (physical & digital)
The GDPR was originally proposed in 2012, as officials were looking to replace the dated Data Protection Directive (DPD) issued back in 1995. Perhaps the largest upgrade to the DPD is that the GDPR is a regulation, giving it much more clout than its predecessor. In addition to covering all members of the EU, the regulation will extend to cover any foreign companies that operate within Europe.
The penalty for non-compliance? Hefty fines.
While both of these initiatives seek to protect personal information, several other differences set the two apart. Some primary differences between the DPD and the GDPR:
Data Protection Directive
- Europe only
- Applies to Data Controllers
- Information protected only when a name is included
- No breach penalties
- No breach notification requirements
Data Protection Regulation
- Global reach
- Applies to Data Controllers, Processors, and Sub-Processors
- All PII must be encrypted
- Breach/non-compliance penalties
- Breach notifications are required within a specified time frame