The EU's General Data Protection Regulation (GDPR) intends to standardize data protection legislation across the European Union (EU) and update current data protection laws.
Ed Brown of Malwarebytes Legal explains the basics of GDPR.
GDPR will apply to the European Economic Area (European Union states, as well as Iceland, Liechtenstein and Norway).
This will impact every entity that holds or uses European personal data both inside and outside of Europe.[1]
GDPR is based on the principle of good data governance. To achieve data privacy, organizations require ‘privacy by design’, ‘privacy by default’, and ‘accountability’.
Without undue delay and, where feasible, not later than 72 hours after having become aware of it.[2]
The impending law changes will impose stricter fines on companies mismanaging personal data or failing to appropriately protect it.
Any person who has suffered material or immaterial damage as a result of an infringement of the regulation shall have the right to receive compensation from the controller or processor for the damage suffered.[3]
GDPR mandates that organizations, including large enterprises, small and medium businesses (SMBs), and even sole proprietors, reassess their data processing controls and implement a plan to achieve compliance.
GDPR took effect on May 25th, 2018.
GDPR compliance involves many stakeholders across the organization. A new role imposed by GDPR, the Data Protection Officer (DPO), is required to work closely with all stakeholders. No single technology or process will deliver compliance across the three regulation pillars – legal and compliance, technology, and data. Learn more about how to prepare for GDPR and better protect your organization’s data.
Let’s take a look at how different companies are coping with GDPR changes.
What to do to prepare for GDPR's approach.
Incident response plans are now required by GDPR.
Steps to create your company's incident response program.
The GDPR is a regulation intended to standardize data protection legislation across the European Union (EU) and update current data protection laws. GDPR is based on the principle of good data governance. To achieve data privacy, organizations require ‘privacy by design’, ‘privacy by default’, and ‘accountability’. GDPR takes effect on May 25th, 2018, and as a result organizations, including Malwarebytes, are reassessing their data processing controls and implementing a plan to achieve compliance.
Our primary purpose in collecting your data is to be able to equip you with effective products and services that provide a more agile, dynamic response to new and unknown threats. We also use the data to communicate with you by informing you about your account, new products or services available, providing access to content such as whitepapers and webinars, as well as in fulfilling requests such as providing customer support services.
You may access, modify or delete (subject to applicable law) the personal information associated with your use of our services at any time by updating your “My Account” information: navigate to my.malwarebytes.com, sign in to your account, and update your personal information. Alternatively, you may contact us at email@example.com.
We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements and legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.
We take commercially reasonable measures to protect personal information from unauthorized access, use, and disclosure. However, no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we can't guarantee the absolute security of your personal information, but we do what we reasonably can to protect it.
Yes, Malwarebytes and its partners collect information through "cookies" and other similar tracking technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. Cookies are text files saved by your browser when you log into our software or services. We may use both session cookies and persistent cookies to identify that you have logged in, to tell us how and when you interact with our software or services, and to check aggregate usage and web traffic. Unlike persistent cookies, session cookies are deleted when you log off and close your browser. If you prefer, you can always change your browser options to stop accepting cookies or to prompt you before accepting cookies. However, if you do not accept cookies you may not be able to access the entirety of our software and services.
Our services are not directed to children under eighteen, and we do not knowingly collect personal information from children under thirteen. If we learn that we have collected personal information of a child under thirteen, we will delete such information from our files as soon as possible, provided, however, that some information may remain in archived/backup copies for our records or as otherwise required by law.
As of May 25, 2018, our Malwarebytes Software User License Agreement will include processing terms that address the GDPR’s contract requirements and therefore you will not need to put in place a separate data processing addendum.
If you have any questions, please send us an email at firstname.lastname@example.org.