General development privacy regulation is a rule which was declared by the European Union law for the protection of data privacy of normal persons and keeps it personal data safe which can be passed on securely. It was declared in the year 2016, 27th April in the name of “Regulation EU 2016/679” in European Parliament. After a whole 7 years of brainstorming the law finally got implemented. It is a re-written or replaced version of the 1995 Data Protection Directive which gave the minimum service in the protection of privacy of the data. Whereas with the new GDPR it has strengthened more the personal privacy of an individual. An individual can easily demand the company he is working to delete all his personal data that he doesn’t want to shared or opened out.
This General development privacy regulation was a storming decision for the protection of the personal data and it was being implemented by every country. Which made the common men individual power more strong. If an individual accuses a company of their having illegally held his personal data then the individual has every right to file a case against that company to delete all the personal data that is related to him and the company is bound to delete or omit all the things he has asked for. This is the first time when a regulation got so strict for the companies and helping the individuals. And this, not it if some company doesn’t follow this rule that company will be charged with a fine of €20 m (£17.5m) which is somewhat the 4% of the yearly turnover of the company.


General development privacy regulation decision the companies get affected a lot mainly those companies who keep the consumer information or data which involve technological firms, marketers, the data brokers and all. It has become a very difficult and direct task for them as they always have to keep this in their mind and work accordingly. It becomes a huge burden for any company to first access the data that is required and then delete all the data.
Its most of the effects can be seen in those companies whose main work is to get the relevant data from the required consumers and then exploit the data because now the company has to take the consent of the consumer if they want to use it and if the company has to use the data then they have to revise it and reuse it with the individual’s consent.


There the different things which are involved in the GDPR and are considered as the personal data. The data that are considered to be personal is being divided into the various organization now which even includes the very important online identifier that is the IP address which is now considered as the personal data.

The information like the medical health records, economic, cultural information are all included as the identifiable personal data. The personal information that is Pseudonymised always fall under the GDPR regulations as it depends on how easy or difficult way the data can be found. All the things and the data that come under the act of Data Protection Act will also be coming under the General Development Privacy Regulation.


The data which in entered and the processing of the scope data that can or can not be identified of the subject of the data, this information of the data subject is known as the personal data.

The common data such as the name, place of birth, date of birth, picture, email ID, address are considered to as the personal data in the data processing.

The other data like the less evident data, other related data, and identifiers that are more useful for the digital platform which is also included in the personal data. The personal data include the identifiers such as the location data, behavioral data which can be known before through the new technologies involved like the IoT or Internet Of Things, Face recognition, Voice recognition, cookies, RFID etc. are all involved finding the required data and the data can also be taken with the help of the Government registration and all.

Eventually, Personal data and the sensitive data are not different both are the same whereas we can the personal data sometimes is considered as the sensitive data. The data which are sensitive require a lot of additional protection to the data with a stipulation. The sensitive things like the medical history someone, ethnic history, genetic identity, cultural background, religious beliefs etc.


People can access this act of general development privacy regulation at regular and reasonable intervals. The main intention of this rule is to give the people the most possible access to the data that is given to them. And the controllers to whom the customers ask about their data would be having a month time to comply and give the data or delete the data and tell the consumers about it. The controllers who take on the data and the processor who process the data have to inform for what purpose they have taken the data? and in which field they are using it? And what is the main motive behind it? And the various ways they will be using it.

The act also says that the language should be very easy and must be user understandable language. It should be simple in language through which the consumers can know easily where their personal data are being used without being confused about the misuse of the data provided. Which officially made an announcement of the end of all the difficult terms, language, conditions which were previously involved.

Now the people can easily enjoy their right to know everything act. As the companies are now bound to disclose everything to the consumers that are related to them, that every small information that is involving their personal data may be directly or indirectly, for how long are going to store the data, and who all are going to see the data. And is the provided data is secure with all the controllers and processors working on it? People can even question when the data provided by you and the data shown by them is different. So, this act is like an advanced and enhanced “Right to Information Act”.


The fines stipulated for the violation of the gdpr is the 4% of the annual turnover of the company or 20 Million Euros with the additional money that is the difference in both the amount goes to the consumer. These are the maximum amount of the fine money that is being implemented and it is always not necessary that the organization has to pay always sometimes while in the case of non-compliance or the breaching of the personal data contract the company is not required to pay the amount to the customers.

In the European Union, the GDPR cases have already been found resulting in the high amount of the fines being imposed on the companies. And it is very hard to believe that the penalties will be imposed on each and every company in any case who have kept the personal data of the people and not having their consent to use it. It can easily be seen that the people are in authority for everything or every information they provide to the others for their use. Whereas there are some other aspects such as the breach severity, non-compliance of the data, compromising with the data and the rights for the subject and in between all these what has happened with the original data taken.

The GDPR fines and penalties would be high when the personal data are being sent to offshore to some other country or some other company without the consent of the source person. The fines would be the highest in this case. There are different fine and penalties mechanism for the different breaches, non-compliance cases. But for the offshore sharing of the data without the person’s consent, the fines are a bit low which are 2% of the total annual turnover of the company or 10 million Euros would be given to the concerned person. This doesn’t include the reports of the data breaching and ignores the designing rule privacy. To know more about the fines and penalties refer to Article 23. Some more implementation of the similar type of the fines is coming soon.

Whereas the penalties in the General Data Protection Regulation are keen to introduce more other similar fines like this for the company who doesn’t respect the law that supports for the protection of the data privacy the DPA or the data protection authority can take the necessary steps which include:

  • Impose the fine or penalty on the company.
  • Take other necessary actions on the company.
  • Take both in account penalty and necessary action against the company.


This is a big step taken across the European Union which would definitely result in the working of the data processors more effectively and more carefully for using the old data for the new purpose. And the working of the controllers and processors becomes a very difficult task as they have to work very precisely.
Whereas the old data may sometime help the start-up for setting up the business and it is not easy for them to collect all the data again from the source then remodel it and use and the most important thing to get the consent of that person to use it becomes a very difficult task for them.
And presently this is being implemented in the UK laws and the parliament committed to maintaining it forever, we hope to find this kind of law everywhere not only in the UK.