GDPR (General Data Protection Regulation) is a topic that has built a lot of buzz in the past, but the legislation was first adopted in April 2016, with a two-year transition period allowing businesses to prepare for it until it came into full effect in 2018. 

As of May 25, 2018, all organizations in the EU – and many more around the world – need to comply with the European Parliament’s General Data Protection Regulation (GDPR) replacing the Data Protection Directive (DPD) of 1995. 

The General Data Protection Regulation ensures that people in the EU have better control over their personal data. But what are the GDPR guidelines and its implications? And what does it mean for companies and organizations that are outside the EU? Let’s find out more.  

What is GDPR?  

The General Data Protection Regulation was established in the European Union to address data protection and privacy within the EU and the EEA (European Economic Area), while also dealing with the transfer of data outside of these jurisdictions / areas.  

In a nutshell, this regulation dictates that specific data protection principles and systems must be implemented by any business or organization to safeguard privacy and data of its customers and users. Also, among other things, the GDPR guidelines specify that any data collection – as well as the purpose for the data processing –  must be disclosed, as well as if this data is being shared with other parties outside the European Union. The fact that other countries outside of the EU enacted similar legislation thereafter  shows how important – and necessary – the GDPR principles are.  

GDPR principles and personal data 

We are living in a digital era where technology is ubiquitous, and customer data is collected haphazardly. As a result, sometimes as individuals we don’t have much power (and/or knowledge) over how it may be used – and with what purpose. That is a point of concern, and, in that respect, what the EU is seeking with its GDPR guidelines is to guarantee people have a better understanding of how their data is used, and provide them with the right to control its usage. 

But how exactly do we define personal data? According to the European Commission, “Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.”[1] 

Under the GDPR guidelines, the concept of personal data encompasses that notion, along with mobile device identifiers, geolocation, biometric data, and IP addresses, for instance. It also includes data related to an individual’s physical, genetic, psychological, economic, cultural, or social identity. 

GDPR compliance and goals 

The goal of the GDPR principles is to significantly strengthen the rights of individuals, who will now enjoy the benefit to ask companies to reveal or delete the personal data they hold. Regulators, on the other hand, will be able to work in greater conformity across the EU, instead of having to follow different laws in each jurisdiction. 

In that sense, the GDPR requirements will bring more transparency in how organizations collect data about people. Going forward, some types of individual profiling will no longer be acceptable unless the person in question has wilfully consented. 

But how exactly does this work? GDPR compliance will be applicable to both data ‘controllers’ and ‘processors’. Let’s understand the meaning of these concepts. Controllers are companies using personal data, which might range from a one-person online retailer to multinational corporations. Processors are those companies that manage the data under the controller’s guidance. In the past, only controllers were accountable for any data breach or misdeed. With GDPR principles now in place, both controllers and processors are obliged to comply with the legislation, making it one of the main differences between GDPR and the previously established DPD. 

The GDPR requirements also apply to all companies that process personal data of people residing in the EU, regardless of the company’s location. 

Data protection: everyone’s concern; Ria Money Transfer’s priority 

At Ria Money Transfer, the confidential treatment of personal data has always been paramount and is an intrinsic responsibility for our business around the world. We welcome GDPR compliance and embrace the new legislation for the collection, use, disclosure and security of individuals’ personal data. 

Committed to complying with the new regulations and promoting a stronger sense of respect and security for the privacy of our clients, partners, and employees our parent company Euronet has appointed a Data Protection Officer (DPO). With this and the continued support of dedicated compliance officers and specialists, Ria will continue to provide a thorough approach to compliance, ensuring maximum safeguarding and an optimal personal data protection system. 

[1] European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en