General Data Protection Regulation(GDPR)

General Data Protection Regulation(GDPR): All you need to know

This article on ‘General Data Protection Regulation: All you need to know‘ was written by an intern at Legal Upanishad.


In this article we will discuss data protection, what the term GDPR means, and how and when it came into force. We also see the applicability of GDPR. This law played a vital role for consumers/citizens, we also see the fines and penalties for non-compliance. At the end of this article, we will discuss certain suggestions which can be seen in the field of data protection in near future.

What is GDPR?

A fresh set of guidelines giving EU residents more control over their personal data. They may now access the data that businesses have kept about them and find out where and how that data is being utilized. Right to be forgotten- they can have their data and can transfer it to different provider companies like Google, and Facebook store oceans of data tracking hundred and millions of users who rely on their apps and services, and websites.

What does GDPR stand for?

GDPR stands for General Data Protection Regulation. It is the core of the digital data privacy law in the European Union.

How and when it came into force?

In January 2015, to make Europe “fit for the digital age” the European Commission plans for setting data protection standards for the European Union. The agreement reached the stage of enforcement after almost 4 years of its being proposed. The General Data Protection Regulation was implemented as one of the reforms’ primary elements (GDPR). This new EU framework has ramifications for businesses and people throughout Europe and beyond, as it is in all member states.

It commenced on May 25, 2018. The General Data Protection Regulation (GDPR) replaces the 1995 Data Protection Directive that enhances and expands the current data protection system in the EU.

Applicability of General Data Protection Regulation(GDPR) on personal data

Practically, all data points that a business gathers across every imaginable internet platform are governed, especially if they are used to specifically identify an individual. It also includes information that websites frequently need, such as IP addresses, email addresses, and details about physical device information. The following categories of personal data are protected under GDPR:

  • Basic details of your identity
  • Web data
  • DNA and health information
  • Data biometrics
  • Racial or ethnic information
  • Political slant
  • Sexual preference
  • Any details pertaining to an identifiable or named living person

Basic details of identity include social network postings, private photographs submitted to websites, health records, and other very intimate information frequently shared online are examples of user-generated data.

GDPR imposes legal requirements on processors to keep track of personal data and the way it is handled, resulting in a far larger level of legal accountability might the organization be in violation. The controllers must make sure that any agreements with processors adhere to GDPR.

Role of General Data Protection Regulation(GDPR) for consumers/citizens

Granting customers, a right to information about data breaches. To ensure that EU citizens can take the necessary precautions to prevent their data leakage, associations are expected to inform the effective regulatory bodies as soon as feasible.

Customers are also guaranteed improved access to their data in terms of the way it is handled, with businesses being compelled to clearly and understandably explain how they utilize consumer information.

Some businesses have already taken steps to guarantee this is the case, even if it is as simple as informing customers via emails how their data is being used and providing them with an opt-out option if they choose not to give their agreement to be a part of it. Many businesses, including those in the marketing and retail sectors, have gotten in touch with customers to see if they’d be interested in joining their database.

The consumer should have a simple mechanism to choose not to have their information included on a mailing list in certain situations. Other industries have been cautioned that they need to do a lot more to ensure GDPR compliance, particularly when consent is required.

GDPR clarifies the “right to be forgotten” procedure, giving persons who no more desire their private data processed extra rights and freedoms to have it erased, assuming there are no legitimate reasons to keep it.

General Data Protection Regulation(GDPR): All you need to know
General Data Protection Regulation(GDPR): All you need to know

Fines and penalties for non-compliance

A fine for violating GDPR may range from 10 million euros to 4% of The company’s yearly worldwide revenue, a sum that for some could be in the billions.

The severity of the infraction and how seriously the company was found to have addressed compliance and security regulations determine the amount of the fine.

The maximum fine for breaches of data subjects’ rights, unauthorized transfers of personal data abroad, and disregarding or failing to follow protocols for subject user access to their data is 20 million euros, or 4% of total revenues, whichever is higher.

Other data misuse by companies will result in a lower fine of 10 million euros or 2% of annual turnover. They consist of but are not limited to, failing to notify a data breach, omitting privacy by design, neglecting to ensure data protection is implemented from the first phase of a project, and noncompliance by designating a data protection officer, should the company fall inside the scope of the GDPR’s obligation.


The introduction or modification of data protection laws appears to be influenced by GDPR in many different nations and regions of the world. Since the implementation of the GDPR, a number of nations, including Brazil, Japan, South Korea, and India, have indicated they would amend their laws governing privacy.

The California Consumer Privacy Act, which goes into effect on January 1st, 2020, has provisions for Silicon Valley, California, to develop its data privacy legislation.

The adoption of this regulation amid the fervor of the technology sector seems to imply that concerns about privacy and consent could alter Silicon Valley’s business model.


The regulation has 11 chapters and 99 articles which can’t be explained in limited words article, but we have discussed all the important facets of the General Data Protection Regulation(GDPR) in this article. We talked about the application of the regulation and the consequences for its non-compliance. We see the role it played for the customers and look into certain changes which can be made in the regulation.

Reference List

  1. General data protection regulation, available at – (visited on September 24, 2022)
  2. GDPR compliance regulation, available at – ( visited on September 25, 2022)
  3. What is GDPR? Everything you need to know about the new general data protection regulation, available at – (visited on September 25, 2022)