The General Data Protection Regulation was introduced on May 25, 2018. This regulation applies to those who collect and process data of individuals and organizations based in the EU. The applicability of this regulation is dependent on where the data is collected, not where the company is.
The GDPR does not apply only to EU citizens. Non-EU citizens that are within the EU borders are also guaranteed the right to privacy. Their information is processed per GDPR regulations. Organizations collecting the data should comply with this rule. If citizens of an EU country have their data collected outside the EU, their data is not subjected to GDPR protection.
The primary function of the GDPR is to ensure everyone within the EU is guaranteed the right to privacy. This right should be accorded to the individual regardless of their member state and is their fundamental human right. To achieve this, the GDPR has ensured that this right is enacted in all EU member states. It has resulted in the collection of personal data securely and cohesively. This has ultimately protected the privacy of individuals, though the system is different in the United States.
The laws in the United States of America do not guarantee the right to privacy. The collection of data is regulated based on the type of data discussed. Various organizations and bodies regulate different kinds of data; for instance, data related to finance is regulated by the Gramm-Leach-Bliley Act, while healthcare data is governed by the Health Insurance Portability and Accountability Act.
There is no law in the United States of America that is similar to the GDPR. The various types of data that are regulated by this law are not protected in America. The data collected in the EU is stored and processed in different requirements and standards as compared to data collected in the USA.
The use of different systems in the USA to protect data may affect the efficiency of data collection. It introduces complexity and could result in mistakes. Non-compliance with one regulation may result in sanctions and fines. The system is also confusing because different laws process an individual’s data.