The General Data Protection Regulation (GDPR) is the regulation created to protect the personal data of EU citizens across Europe. The GDPR, which came into force in the member states of the European Union on May 25, 2018, aims to ensure the security of personal data held by large institutions and organizations in the member states, within the framework of the rules specified in the regulation.
GDPR covers all businesses that host personal data of citizens within the borders of the European Union. Even if a company is not located within the borders of the European Union, it is bound by the regulation when it collects the data of these citizens.
No personal data can be processed unless it is done as specified in the regulation or with the explicit consent of the data subject (personal data owner). The data subject has the right to revoke this consent at any time. GDPR also covers data stored in the past. Serious fines and sanctions await businesses that do not comply with the GDPR.
Personal data includes:
- Name, address, identification number
- Location, IP address, cookie information and other internet data
- Physical appearance data and biometric data
- Racial background information
- Political views
- Medical data and similar data

Forum sites that create user profiles, e-commerce sites that sell products and save user data, WordPress sites that allow commenting, and similar sites are affected by GDPR.
Issues to be Considered
- It does not matter where the companies that process the data of individuals living within the borders of the European Union are located. All businesses that process the data of citizens of the European Union member states are bound by this regulation, regardless of their location.
- High fines may be imposed on sites that do not comply with the regulation.
- When personal data is obtained from a user, consent should be obtained through a simple system and in an easy-to-understand manner, and withdrawing that consent should be just as simple.
- Breach notifications are mandatory for companies.
- Users have the right to know which data is collected, where and how it is used, and how long it will be kept.
- Users have the right to access the saved data and the right to update or delete their data. They can also impose restrictions on their data.