In a radical move to reform the existing Data Protection Directive that was established in 1995, the new EU regulation, GDPR has been formulated and is prospected to be in action from 25th of May 2018. The ever-evolving media-scape and internet world calls for updated laws and regulations for data privacy and security. The objective of GDPR is to simplify, unify and update the protection of personal data. As a part of the new regulation, the companies would be moved from a tick-box compliance system to the security and privacy of personal details. Provision for any company that does business with EU residents to apply for GDPR, mandatory data processing registries and organizational measures for personal data protection and tiered approach for penalties to curb the breaches of personal data, are some of the striking features of GDPR.
The nature and scope of the notion of personal data has broadened to include online identifiers. The compliance with GDPR requires a major change in the legal and technical side for an organization that makes it challenging for effective implementation. However, a new integration into GDPR can open limitless possibilities to strengthen data protection and privacy.