General Data Protection Regulation

It should come as no surprise that there would be strict laws protecting people’s data from large organisations and the government in a future where data is seen as the most valuable resource. In Europe, the GDPR, or General Data Protection Regulation, has replaced older data privacy laws that were nearly two decades old, some of which were initially developed in the 1990s. Since then, our data-intensive lives have developed, and individuals often share their private information online without restriction. The GDPR is the world’s most robust collection of data protection laws. 

What is GDPR? 

To provide European Union citizens additional access to their personal information, a new set of regulations known as GDPR was created. It seeks to streamline the regulatory landscape for business so that everyone in the EU—citizens and companies—can fully take advantage of the digital economy. 

The GDPR establishes a new baseline for consumer rights surrounding personal data. Still, businesses will face challenges in implementing the necessary systems and procedures to remain compliant. 

Understanding GDPR 

Although the European Parliament adopted it in 2016, the law did not take effect until May 2018. GDPR replaced a previous law, the Data Protection Directive, and also provides standards for how information is transmitted, whether done wholly or mostly by digital means. This new EU framework has ramifications for organisations in all member states, people, and enterprises throughout Europe and beyond. 

In accordance with the terms of the GDPR, organisations are not only required to ensure that personal data is obtained legally and per strict guidelines but also that those who obtain and manage it are obligated to safeguard it from misuse and exploitation and to uphold the rights of data owners – or face penalties for doing otherwise. 


History of GDPR 

GDPR replaces the 1995 Data Protection Act and sets specific data protection regulations. Organisations must protect user data from accidental or unauthorised access, destruction, alteration, or unauthorised use. They must also ensure that data is quality controlled to protect against unauthorised access, alteration, or destruction. Lastly, they must take steps to ensure that individuals have the right to information about their data protection rights and access to it. 

Under the GDPR, organisations must provide customers with a data protection notice (DPN) setting out the specific rights that the customer has. Customers have the right to access their data, change their data protection settings, receive data protection notices in a format that they can understand, and complain if they feel their rights have not been fully respected. 

In recent years, there have been various changes to GDPR. Important modifications to the GDPR’s provisions were made in 2021. One example is removing the privacy shield established to facilitate economic transactions between US corporations and EU residents. 

Principles of GDPR 


The seven guiding principles of GDPR are: 

  • Accuracy 
  • Lawfulness, fairness & transparency 
  • Data minimisation 
  • Storage restriction 
  • Integrity and confidentiality (security) 
  • Accountability 

These principles are also known as the “core values” of the GDPR. However, one of the above principles, i.e., accountability, is new to data protection laws. The other principles are equivalent to those in place before the 1998 Data Protection Act in the UK. 


Impact of GDPR 

The GDPR has significantly impacted how companies process and protect the personal data of EU citizens. Many companies have had to change their data collection and processing practices to comply with the GDPR. Some companies have also stopped doing business with the EU to avoid complying with the GDPR. 

Under Article 83(5)(a), the highest administrative fines are applied to violations of the fundamental principles for processing personal data. This entails potential penalties of up to 4% of your entire annual international revenue or £17.5 million (US$21 million), whichever is larger. 

Fines under the GDPR are discretionary rather than compulsory. They must be “effective, proportional, and dissuasive” and be applied case by case. 

Frequently Asked Questions

Companies need to do a few key things to comply with GDPR.  

  • First, they need to appoint a Data Protection Officer (DPO). This person is responsible for overseeing the company’s compliance with GDPR.  
  • Second, companies must implement policies and procedures to ensure that personal data is collected, stored, and processed in a way that complies with GDPR. This includes ensuring that personal data is collected only for specific, legitimate purposes, stored securely, and accessed only by authorised individuals.  
  • Finally, companies must provide individuals with information about their rights under GDPR and ensure they have a mechanism for exercising those rights. 

The term “GDPR compliance” refers to an organisation’s ability to handle personal data in accordance with the GDPR’s defined standards. To comply with the GDPR’s regulations on the use of personal data, enterprises must adhere to a set of rules. Moreover, it specifies eight rights for data subjects that offer some protections for people’s private information. 

The GDPR applies to any company that processes the personal data of EU citizens, regardless of where the company is located. This includes companies based outside the EU that offer goods or services to EU citizens or that collect or process the personal data of EU citizens. 


Any information about a natural person (referred to as a “data subject”) that relates to their professional, personal, or public life and can be used to directly or indirectly recognise that person is referred to as personal data under GDPR law. Examples include names, photos, email addresses, or even bank records. 

These also comprise any information that has been or might be connected to a person. Personal data includes a person’s phone number, credit card number, employee ID, account information, number plate information, appearance, customer number, or address. 


On April 14, 2016, the European Parliament adopted GDPR, which came into force on May 25, 2018.  

    Phillip Capital Management (S) Ltd (Co. Reg. No. 199905233W)  
    250 North Bridge Road #06-00, Raffles City Tower, Singapore 179101 
    Tel: (65) 6230 8133 Fax: (65) 65383066