What are the GDPR Rules?

Image Source

The GDPR or the General Data Protection Regulation is one of the protection designed for the citizens of Europe. Consider the continuing advancement of the technological era. It is right to create or to set protection when it comes to digital privacy. The GDPR is comprised of rules that are designed for the European citizens to have control and protection with their digital personal data.

Reaching this post means you have a thousand questions in mind about how it works, what the rules are, and how to comply. Well, to give you enlightenment, we will provide all the practical information about how GDPR works for the EU citizens. Allow this article to help you out in being aligned with the protection of this internet-connected age when it comes to privacy, personal data, and consent.

Understanding How GDPR Works

Image Source

Let’s face it. The digital age provided numerous benefits to its users. Instant messaging, virtual meetings, online shopping, vlogging, electronic mailing, and other activities done on the internet indeed makes the life of the people easier. Imagine the number of hours saved, the minimized effort, and the efficiency technology can provide. With all these benefits, know that they come with risks that require the presence of GDPR.

Back in April 2016, the European Parliament, as well as the Council, created an agreement about the implementation of the General Data Protection Regulation or GDPR. This serves as a replacement for the current Data Protection Directive 95/46/ec implemented back in 2018. This will now serve as a primary law that will regulate the way companies protect the personal data of the EU citizens. As of May 2018, the regulation of GDPR started, and the companies should comply with its requirements. To those companies who fail to comply with the GDPR requirements and deadline will be provided with fines and penalties accordingly.

To whom does the GDPR apply? All the members of the European Union are entitled to the GDRP requirements. The objective is to maintain the consistency of the protection of data of every consumer across the different nations of Europe. The requirements of GDPR for data protection and privacy are as follows:

  • Practicing anonymous data collection to maintain privacy
  • Transferring of data locally and globally are handled safely
  • Designate data protection officers to keep track of the GDPR compliance of different companies
  • Require consent from the subjects prior to data processing
  • GDPR requires mandatory standards for companies that are designated to maintain and handle the protection of EU citizens’ personal data.

8 Rules or Requirements of GDPR

Image Source

There are eight articles that support all the requirements of GDPR. Read on and know the brief information each of them contains.

1.   Articles 17 & 18

For articles 17 and 18 of the GDPR, it contains the control of the subjects over their personal data and how they are automatically processed. This explains how the data subjects’ results transmit data from their server to the service providers efficiently, which is also called as “right to portability.” They also have the right to erasure, which deletes all their personal data due to different circumstances that may occur.

2.   Articles 23 & 30

Articles 23 and 30 contains the companies’ requirement to comply with the terms of GDPR, especially data protection, setting boundaries and protection to the personal data of the consumers against a breach, exposure, and loss.

3.   Articles 31 & 32

In the context of GDPR, the data breach is of its primary responsibilities. Article 31 explains the requirements accustomed to single data breaches. Within 72 hours of an identified breach, the SA or the Supervising Authorities should be notified by the controllers provided with the specific details of the breach as well as the personal data affected. For article 32, as soon as a data breach arises, the data controllers are highly required to notify all the subjects concerned in the data breach as soon as possible.

4.   Articles 33 & 33a

For articles 33 and 33a, it explains how all companies should comply in performing Data Protection Impact Assessments that will help in determining the different risks when it comes to consumer data. The Data Protection Compliance Reviews, on the other hand, aid in addressing the subjects at risk

5.   Article 35

Discussing the context of article 35, certain companies are required to hire or designate data protection officers. This is highly required for those companies that involve data processing activities that reveal the subjects’ genetic data. The data protection officers are directly in contact with the supervising authorities.

6.   Articles 36 & 37

For articles 36 and 37, they contain the outline for the data protection officer position, including their job description and responsibilities in compliance with the GDPR.

7.   Article 45

Article 45 contains the extension of the data protection requirements as per GDPR to the companies across boards to acquire and process the personal data of the European citizens which requires them to comply with the requirements of GDPR the same way EU-based companies do

8.   Article 79

Article 79 contains the outline of the penalties for those who will not comply with the requirements of GDPR. It can lead up to 4% of the company’s global revenue on a yearly basis deducted depending on the complexity of the violation.

4 Tips for GDPR Compliance

Here are the four takeaways from this article about GDPR compliance. Read each one carefully and allow it to serve as a guide in complying with everything written with the GDPR guidelines.

Tip 1: Read the GDPR Guidelines Carefully

Take time to read the GDPR guidelines. Some words, phrases, or sentences may seem jargon to you, so it would be best to consult those who speak the legal language. Read and understand carefully everything written on the outline. If you do not have or know someone who can help you understand the content, you can just look for the definitions of the words they are similar to.

Tip 2: Look and Compare with Other Organizations

Businesses across the globe are highly affected by the regulations of the GDPR. It’s not just the European Union. If you still poorly understand how it works and what the requirements are, it would be best to look for and compare it with the implementation of other organizations. The best way to understand the nature of GDPR is to reach out to those who comply with the requirements. There are numerous micro and macaron businesses who share the steps they undergo to successfully comply with the GDPR regulations.

Tip 3: Secure and Maintain Your Website

There are easy ways on how to set up opt-ins, cookies, and data storage on a website. When it comes to these, it’s a completely different matter with GDPR compliance. Considering that there are numerous tools and application that aid in data collection and data storage, always ensure that your website and business complies with GDPR.

Tip 4: Always Check Your Data

The EU properly maps the transmission, storage, deletion, and transfer of data. These processes must be ensured to comply with the GDPR in order to prevent penalties from occurring. Be acquainted with the routes of personal information because this plays an important role in preventing unwanted situations such as data breach, loss, and exposure


In conclusion, GDPR is not optional but strictly mandated for the digital security of the EU union. The process may seem tedious and complicated, but it benefits all the subjects involved and protecting their personal data from being exposed, transferred, and lost without the subject’s permission. It is just right to implement this kind of digital security, considering that all online activities make your personal data at risk.

10 Ways to Get Rid of Malware

What Are GDPR Fields?