General Data Protection Regulation (“GDPR”)
What is the General Data Protection Regulation?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”), effective May 25, 2018. The GDPR aims to strengthen the security and protection of personal data in the European Union (“EU”) and harmonize EU data protection law.
To whom does the GDPR apply?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
What implications does GDPR have for organizations processing the personal data of EU citizens?
One key aspect of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.