The internet has become a fundamental component of everyday business. However, the use of the internet as a tool for business comes with significant issues, especially when companies collect and utilise their customers’ data. The General Data Protection Regulation (GDPR) was created for this purpose. GDPR is a step toward ensuring global recognition of the importance and value of personal information. Data controllers and processors who fail to comply with the regulation will incur significant punishment, where they would pay a fine of up to €20 million or four per cent of their annual turnover depending on which of two is the highest. Companies would avoid such punishment by ensuring the availability, confidentiality, resilience and integrity of the processing systems and services. The rules ensure uniformity in protecting consumers around the EU, which was not possible when different nations put in place different measure.
Privacy on the internet is a concern of most individuals, and the GDPR help to reduce any concerns about the situation. The GDPR was created to replace the Data Protection Directive (DPD), which had been in effect since 1995. All members of the EU are signatories to the European Convention of Human Rights (ECHR), and the Data Protection Directive (DPD) worked to ensure that the privacy of the individual was protected. An examination of the GDPR illustrates that the goals of creating such rules were two-fold. First, the process would help to ensure that there is a uniform approach to addressing privacy issues; it also offered individuals the ability to have more control over their privacy. Second, the rules helped to simplify the regulations, especially within the context of international business