Some of the most important things for businesses and agencies to know about the new General Data Protection Regulation (GDPR) is this: the penalties for breaking it are large.
Companies that fail to comply with GDPR face administrative fines of up to €20 million or 4% of their total worldwide annual turnover, whichever is higher. While this may sound like a lot already, some published estimates have put the theoretical exposure of the largest companies at up to $23 billion.
The European Union has been working on the new regulation since the European Commission proposed it in 2012. The aim was to create a single, consistent set of rules across the whole EU. Fomoco News has some more information about what you need to know about the general data protection regulation.
Data protection laws protect the rights of consumers and impose costs on companies that violate them. For example, HIPAA requires most healthcare providers to safeguard PHI (protected health information); encryption is an “addressable” safeguard under the HIPAA Security Rule, meaning a provider must either implement it or document why an equivalent alternative is reasonable. Violations can be fined up to $50,000 each, with an annual cap per identical provision.
These are some of the ways that GDPR is different from HIPAA.
- First, although GDPR is a single EU-wide text, it contains a number of “opening clauses” that let each member state adjust specific points for its own jurisdiction (for example, the age at which a child can consent to online services, or rules on employee data). Its reach is also not limited to Europe: it applies to any organisation, wherever it is established, that offers goods or services to people in the EU or monitors their behaviour there.
- Second, GDPR is a regulation, so it is directly applicable law in every member state without needing national implementing legislation. Any company found in violation can be fined up to €20 million or 4% of its total worldwide annual turnover, whichever is higher. HIPAA, by contrast, is a US federal statute implemented through rules issued by the Department of Health and Human Services; it is also enforceable, but its penalties are tiered by level of culpability and are not always imposed for a first or corrected violation.
- Third, the two laws differ in how prescriptive their security requirements are. HIPAA’s Breach Notification Rule does require covered entities to report breaches of unsecured PHI, and failing to do so is itself a violation, but encryption of PHI is “addressable” rather than strictly mandatory. GDPR requires breach notification to the supervisory authority within 72 hours where feasible and names encryption and pseudonymisation as examples of appropriate safeguards, leaving the choice of measures to the controller.
- Fourth, one major difference between GDPR and HIPAA is scope. GDPR applies to all personal data of people located in the EEA (European Economic Area), regardless of their citizenship and regardless of what industry the organisation is in. HIPAA only applies to protected health information handled by covered entities (health plans, healthcare clearinghouses and most healthcare providers) and their business associates.
For example, a Social Security Number held by a retailer is not covered by HIPAA at all, because the retailer is not a covered entity; the same number held by a hospital alongside a patient’s records is PHI, since the SSN is one of the 18 HIPAA identifiers.
- Finally, there is a large difference in the style of the two laws. HIPAA is detailed and specific about what is protected and what is permitted: it enumerates exactly which identifiers must be removed for data to count as de-identified and spells out particular permitted uses and disclosures.
For example, HIPAA’s “Safe Harbor” de-identification method lists 18 specific identifiers, from names and dates to device identifiers and full-face photographs, that must be removed. GDPR instead sets out general principles (lawfulness, purpose limitation, data minimisation, accountability) and leaves it to the organisation to show how it meets them.
The goal of GDPR is to protect all of your personal data and to provide transparency around how it’s being used. In light of this, we’ve compiled a comprehensive overview about what GDPR means for both businesses and individual citizens in Europe, as well as tips on how to prepare for its arrival.
Data Protection Legislation in Europe
The General Data Protection Regulation is the latest in a long line of data protection legislation in Europe, which includes the Data Protection Directive 95/46/EC that was implemented 20 years ago.
The Data Protection Directive provided the foundation for current data protection law across Europe. As a directive, it had to be transposed by each EU member state into its own national law, and those national laws ended up providing similar, but not identical, standards of privacy protection.
The GDPR builds upon all of the existing data protection legislation and standards, but aims to make it much easier to understand and fully enforce across all 28 EU member states.
It was adopted by the European Parliament and the Council in April 2016 and entered into force on 24 May 2016. It replaces the Data Protection Directive and becomes applicable on 25 May 2018; the two years in between are the period in which member states and organisations must make any necessary changes to comply with GDPR.
What is Personal Data?
The definition of personal data under the new legislation is broader and more explicit than it was under previous legislation. Personal data is any information relating to an identified or identifiable natural person. Instead of thinking only of name, address and phone number, the definition now expressly covers online identifiers (for example IP addresses and cookie IDs), location data, genetic and biometric data, photographs from which a person can be identified, and any factor specific to a person’s physical, physiological, mental, economic, cultural or social identity.
Why is the EU Regulating Personal Data?
The EU is working toward a digital single market throughout the whole region. This means that when an individual in one member state stores, or simply accesses, their personal data through a service in another member state, they should get the same level of privacy protection they would have at home.
Under the Directive this was not guaranteed, because each member state transposed it into its own national law with its own variations, which was confusing for citizens and businesses alike.