What is the GDPR?
The General Data Protection Regulation (GDPR) is a new comprehensive data protection law in the EU that will take effect on May 25, 2018. It will strengthen the protection of personal data in light of rapid technological globalization and development. It replaces an older directive on data privacy, Directive 95/46/EC.
What does the GDPR regulate?
The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, including organizations located outside of the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any piece of data that could identify a person.
How does the GDPR change privacy law?
The key changes are the following:
- expanded data privacy rights for EU individuals;
- data breach notification;
- security requirements for organizations;
- 4% global revenue fine for organizations that fail to adhere to the GDPR compliance obligations;
- strengthened conditions for obtaining consent.