The EU's General Data Protection Regulation (GDPR) intends to standardize data protection legislation across the European Union (EU) and update current data protection laws.
Ed Brown of Malwarebytes Legal explains the basics of GDPR.
GDPR will apply to the European Economic Area (European Union states, as well as Iceland, Liechtenstein and Norway).
This will impact every entity that holds or uses European personal data both inside and outside of Europe. [1]
GDPR is based on the principle of good data governance. To achieve data privacy, organizations require ‘privacy by design’, ‘privacy by default’, and ‘accountability’.
Without undue delay and, where feasible, not later than 72 hours after having become aware of it. [2]
The impending law changes will impose stricter fines on companies mismanaging personal data or failing to appropriately protect it.
Any person who has suffered material or immaterial damage as a result of an infringement of the regulation shall have the right to receive compensation from the controller or processor for the damage suffered. [3]
GDPR mandates that organizations, including large enterprises, small and medium businesses (SMBs), and even sole proprietors, reassess their data processing controls and implement a plan to achieve compliance.
GDPR takes effect on May 25th, 2018.
You can read more at
GDPR compliance involves many stakeholders across the organization. A new role imposed by GDPR, the Data Protection Officer (DPO), is required to work closely with all stakeholders. No single technology or process will deliver compliance across the three regulation pillars: legal and compliance, technology, and data. Learn more about how to prepare for GDPR and better protect your organization’s data.
Check out our Quick Start Guide
What to do to prepare for GDPR's approach.
Incident response plans are now required by GDPR.
Steps to create your company's incident response program.