What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation that requires businesses to protect the personal data and privacy of EU citizens. GDPR is vastly different from the old regulation, the EU Data Protection Directive, which was established in 1995. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies. The new regulation is intended to help protect the privacy and rights of individual consumers and to give data subjects more clearly delineated rights. GDPR is designed as a direct replacement for the Data Protection Directive. The new General Data Protection Regulation (GDPR) goes into effect May 25, 2018.
Top key changes in GDPR
1. GDPR applies to all organizations holding and processing EU residents' personal data, even organizations outside the EU.

2. Fines for noncompliance can be as high as €20 million.

3. Consent must be clear and easy to understand.

4. Breach Notification must be done within 72 hours of first having become aware of the breach.

5. For the Right to Access, the controller has to explain the purpose for which the data is used and shall provide a copy of the personal data in an electronic format without any charge.

6. Residents of the EU can submit a request to delete their own data that is not being used.

7. An EU resident has the right to request that data be transferred from one service provider to another.

8. The controller should consider the privacy of collected data at all steps.

9. For the security of personal data, the controller needs to hire a Data Protection Officer (DPO) to monitor data processors.
The GDPR data protection law officially comes into force
How does GDPR affect non-European companies?
Before GDPR started to be enforced, massive data breaches occurred in many countries, especially at big companies in Europe, and these affected stability, so GDPR was created to control and protect the data of EU citizens. The GDPR applies not only to companies in the EU but also to non-European companies, those outside of the EU that market goods or services to EU residents. Therefore, this regulation and its penalties apply to all companies that either control or process data of EU citizens.
The Impact of GDPR on Business
Regarding GDPR, “personal data” includes IP addresses, location data, personal information and online identifiers. GDPR also covers medical records and other uniquely personal information commonly transmitted online. Essentially, the GDPR protects any personal user data across virtually every conceivable online platform.
Currently, GDPR has impacted both EU and non-European companies that hold personal data of EU citizens. The Electronic Government Agency (Public Organization) (EGA) of Thailand has forecast that some businesses, such as communication, import/export, travel agency and airline businesses, which collect large amounts of personal data of EU residents, could be heavily impacted by GDPR. Health services, which hold patients' data, might also be affected by GDPR. E-commerce businesses, app development companies, data centers and cloud providers obviously have to comply with GDPR.