Sujit Choudhry Talks About How Violating The GDPR Can Be Costly To Businesses

Sujit Choudhry says it is not the location of the company that concerns the EU regulation. It is all about the EU consumer. Any business that works with an EU consumer has to protect them under the GDPR. This directly affects US companies with an EU target market. Under the GDPR any outside company doing business with an EU resident is considered a controller. That is why they must follow the GDPR regulations, get info on (Works.bepress.com).

 

Any Punishment For Violation?

Sujit Choudhry says the GDPR regulations are strict. Global businesses that do not follow the guidelines could face astronomical monetary penalties. A good example is for businesses that fail to report data breaches like loss of personal data or unauthorized access within 72 hours of becoming aware could be fined 10 million euros or 2 percent of global income. The bigger the amount will be charged. Any unlawful transfers of data from EU residents can get fined 20 million euros or 4 percent. The larger amount will be charged. With the GDPR, individual protection includes the ability for consumers to sue for their own rights. Consumers now have more control over their data than they’ve ever had. Sujit Choudhry says the point is to protect the data so nothing can be done with it without consumer consent. The personal data includes any ID numbers, location info, online ID, genetic data and more. Consent can also be withdrawn at any point, which falls under the EU “right to be forgotten” idea, more details on (Crunchbase.com).

 

Right To Be Forgotten Concept

Sujit Choudhry further explains the “right to be forgotten” idea. He says the GDPR did not come up with that. The GDPR is just an expansion of the regulations that were placed in 1995. In those previous regulations “right to be forgotten” was listed, know more updates on iconnectblog.com. Google Spain went on to further define this concept and the GDPR did as well. It has existed for over 20 years. Now the law explains when and how the concept can be used. It also explains the range of data protection and any limitations. The right to be erased now means not absolute and not unrestricted. Google Spain took part in this by adjusting how search engines provide links, see http://www.law.nyu.edu/news/choudhry_award.

Leave a Reply

Your email address will not be published. Required fields are marked *