Since the Fourth Industrial Revolution has begun, big data has become very important in our lives. Along with that, personal information protection has become important, too. The European Union recognizes the importance of protection, so they amended the EU rules about information protection. On April 14, 2016, the European Parliament approved the General Data Protection Regulation (GDPR), which has received worldwide attention. It began being enforced on May 25, 2018.

The General Data Protection Regulation (GDPR) is a set rule about general information protection in the European Union. This is a regulation that replaces the Data Protection Directive from 1995. GDPR protects personal information like name, address, race or political opinion. This regulation’s effect is to give control back to individuals of their data. GDPR is a regulation, not a directive, so it is legally binding to all EU countries and affects all businesses that handle the data of citizens in EU countries.
GDPR states eight rights for people’s data. There have the right to information, right to access to the data, right of rectification, right to withdraw consent, right to object, right to object to automated decision making and profiling, right to be forgotten and right to data portability.
The new rights (the right to be forgotten, right to data portability and right to object to automated decision making and profiling) consolidate the data subject’s rights more than in the previous directive. The right to be forgotten is a right in which the data subject can have personal data erased, further dissemination of the data ceased, and potentially have third parties halt processing of the data. The right to data portability is the ability for a data subject to receive their personal data and transmit that data to another controller. Finally, the right to object to automated decision making and profiling gives data subjects the ability to prevent those actions.
The new regulation also details the penalty when a business breaks the regulation. The penalty is a fine up to 20 million euros, or 4% of world annual sales. This is a strong deterrent that should help prevent the most serious infringements.

The EU expects that EU citizens will be able to control their privacy and online information more than before by establishing the GDPR. It remains to be seen if this regulation is actually helpful. GDPR is the most extensive and strict set of data protection rules in the world, so many businesses and governments expect it can be the global standard and model for other countries. Accordingly, Koreans should be aware of regulations protecting personal information and take care to protect their own data.