How is GDPR Changing Over the Years?

The comprehensive data privacy law grants individuals the ‘right to be forgotten,’ demands reporting of data breaches within 72 hours of detection, and punishes firms with penalties of up to 4% of annual sales or €20 million, whichever is more, if they fail to abide.

  • The territorial scope has been expanded. It now covers all firms that process private information of individuals residing in the EU, irrespective of their location.
  • When gathering personal information, you must provide greater information to data clients
  • New rules apply to obtaining authorization to acquire personal data. Consent, both implicit and explicit, now necessitates a clear positive action.
  • The minimum age for data collection has risen from 13 to 16
  • You must erase material that isn’t being used for its intended purpose
  • People should be able to cancel their permission to data processing at any moment, and doing so should be simple. The data subjects must be given more control.
  • Unless the violation is unlikely to lead to a threat to data subjects, you have 72 hours to alert regulators
  • For grievances, there is a single federal office
  • A Data Protection Officer must be appointed by massive data processors

What has GDPR Changed Since Its Implementation?

Axel Voss, a representative of the European Parliament who was intimately invested in the GDPR’s development, feels the law has struggled to meet its goals, has resulted in tremendous bureaucratic and regulatory burdens, has hampered Europe’s digital revolution, and requires an immediate review.

  • Users have complete authority over their privacy under GDPR. They can choose who and why they wish to share their information with.
  • GDPR protects people from internal and external transgression

What Changes by GDPR are Still Needed?

One of the fundamental motivations for enacting the GDPR was to allow organizations with numerous presences across the EU to communicate with a single data security organization rather than 27.

How California Followed Suit?

In the future, GDPR is just one of a number of data privacy standards that businesses must be aware of. The California Consumer Privacy Act (CCPA), which entered into force on January 1, 2020, is the next significant test for businesses in terms of data security.

Wrapping Up

GDPR is just the tip of the iceberg in terms of what’s to come in the future.




The Enterprise Diary is distinctively focuses on five major industries i.e Technology, Healthcare, Finance, Manufacturing and Consulting.

Recommended from Medium

Tackling cyber threats together

The 3 P’s of Child Safety Online

Microsoft Emails were massively hacked — U.S. accuses China for the assault

Is data privacy a market failure?

{UPDATE} h Find The Differences 1 Lite Hack Free Resources Generator

Add more simple spam filters

The state of mobile app security

What is EC-Council’s Certified Network Defender training course program, and where is this learned…

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
The Enterprise World Magazine

The Enterprise World Magazine

The Enterprise World, is a business magazine, a platform for all the master business minds to share their stories of success.

More from Medium

Bored Puzzles — The Next-Gen Puzzles Involving Lucrative NFTs

How Rich Aunties Are Made

What Is A Decentralized Autonomous Organization (DAO) And How Do They Work?

Science report: US should make less plastic to save oceans