What is the General Data Protection Regulation (GDPR)?

general data protection regulation

As businesses increasingly conduct their operations online, national governments have responded by creating security regulations, such as the General Data Protection Regulation. The GDPR was created by the European Union in 2016 as a replacement for the earlier and less strict Data Protection Directive. These laws are intended to protect Internet users’ privacy and prevent the damage and losses caused by online fraud and identity theft.

Data Privacy

The GDPR is a new set of rules designed to protect Internet users’ personal data and create a consistent online experience in all member countries of the European Union. Any company wishing to do business in the EU must follow the laws laid out in the GDPR. They explicitly prohibit the collection of personal data from Web users without their consent. Companies collecting personal data from users must first acknowledge what they’re doing and then take steps to make all collected data anonymous to protect user privacy. Internet users must be notified if there is a breach of their data, so malicious attacks and data thefts must be reported to all affected users. Companies also must take precautions to transfer user data securely across national borders. Large Internet companies have responded to these laws by hiring GDPR executives to oversee legal compliance.


The GDPR contains several new regulations that standardize the way Internet users interact with businesses online. Under the new regulations, users must be able to transfer their personal data from one company to another, whenever they choose to switch providers or sign up for a new service. Users also must be able to completely remove their data from a company’s servers. The regulations also stipulate the steps that a company must take in the case of a data breach. Customers must be notified within 72 hours of any attack that compromises their privacy or security. They must be told the nature of the breach and approximately how many users have been affected. If a security breach places users at high risk of data theft, they must be notified as quickly as possible. Companies that store large amounts of data must hire security officers to ensure full compliance with the regulations of the GDPR and to communicate with the supervising legal authorities. According to Forbes, any company doing online business in the EU, including companies based in the United States, must comply with the GDPR.


The penalties for non-compliance with the GDPR are more severe than for non-compliance with the Data Protection Directive. Regulators have greater authority over the implementation of the new rules. They’re responsible for ensuring that Internet companies comply with the regulations and for issuing penalties when the rules are broken. Depending on the severity of a violation and the size of a company that violates the law, the penalty can be quite serious. Regulators may choose to set an example by severely punishing a company that doesn’t sufficiently comply with the GDPR. Fines for violations are determined on a case-by-case basis, and the supervising authorities have complete discretion over how large the fines should be. The best way for companies to protect themselves and their customers is to read and understand the new regulations laid out in the GDPR.


Running an online business comes with many responsibilities, and business owners need to protect themselves and their customers from the dangers of fraud and identity theft. All businesses providing products or services within the borders of the EU must fully comply with the General Data Protection Regulation.

Related Resources:

Find Your Degree
Scroll to Top