What you need to know about GDPR

The General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, was designed by the European Union to standardize and strengthen the protection of personal information through rules that are binding on EU Member States. Although the law was developed for EU Member States, it also applies to organizations outside the EU that provide goods and services to EU data subjects (individuals).

The basic intent of the new set of rules is to give citizens of the EU more control over their personal data. With the rapid growth of the digital economy, businesses must be held to clear obligations to remain vigilant about data privacy and consent: almost every service in use today involves the collection and analysis of individuals' personal information.

Compliance, then, is an effort to ensure that businesses make reasonable efforts to gather personal data legally. Managers will be obliged to protect that data from misuse and to respect the rights of the individual, or face stiff penalties.

The regulation defines two different types of "data handlers": Controllers and Processors. A Controller is any person, public authority, agency or entity that determines the purpose and means of the processing of personal data. A Processor is any person, public authority, agency or entity that processes personal data on behalf of the Controller.

Controllers and Processors have different guidelines to follow in order to be compliant with the regulation. Significant attention should be given to the GDPR initiative in order to understand how the regulation may affect your organization.

Note: If you are a Controller or Processor and you are the victim of a data breach, under the new regulation all notifications must be provided to affected individuals within 72 hours of the breach.