The General Data Protection Regulation (‘GDPR’) adopted by the European Union (‘EU’) in May 2016 is a landmark in both data protection law and EU law. European legislation on data protection has exercised unparalleled influence around the world, and the GDPR is likely to set the global standard for data protection legislation. The GDPR also reflects several momentous changes to EU law that have occurred in recent years, such as the enactment of the Treaty of Lisbon and the elevation of the Charter of Fundamental Rights to primary law.
The General Data Protection Regulation (GDPR) is the world’s most stringent privacy and security law. Even though it was designed and approved by the European Union (EU), it imposes duties on corporations anywhere that target or collect data about EU citizens. The regulation went into effect on May 25, 2018. Those who break the GDPR’s privacy and security rules will face severe fines, with penalties ranging into the tens of millions of euros. The GDPR signals Europe’s hard stance on data protection and privacy at a time when more individuals are committing their data to cloud services and data breaches are becoming more common. The regulation is broad, far-reaching, and relatively light in scope.
Every member of an organization must understand how their role is affected by the regulation and how they can contribute to complying with it. With the GDPR, we expect the product development team to know what “privacy by design” means and how it should be incorporated into production workflows. A marketing team should know when they have a legal right to send emails to customers (and when they don’t). IT departments are expected to know what good security looks like. HR teams should be ready to respond to requests from individual members of staff about their personal information.
Our Advisors, Implementers, and Practitioners have rich experience in implementing and complying with the EU GDPR and ISO 27701 in line with organizational requirements.