FAQs
Resources
What is GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The primary objective of the GDPR is to give citizens back control of their personal data.
When is the GDPR coming into effect?
The EU’s General Data Protection Regulation will take effect on 25 May 2018.
What is personal data under GDPR?
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, etc.
Who does the GDPR affect?
The global scope of the GDPR’s application is significant. It applies to any company—even those outside the European Union—that offers goods or services to individuals in the European Union, or that monitors the behavior of EU citizens.
What are the penalties for non-compliance?
Penalties for non-compliance are severe. Companies that don’t meet the new requirements can face fines up to four percent of total annual global revenue or €20 million (U.S.$21.5 million), whichever is higher.
What is the difference between a data processor and a data controller?
Data controllers are those who collect and own the data. Data processors are, essentially, third-party vendors; they process the personal data on behalf of the data controllers.
Global Glimpses Blog Apple CEO pushes for U.S.-style GDPR, bashes those who ‘put profits over privacy’Neil Hodge | October 24, 2018Apple CEO Tim Cook voiced his support for the EU’s General Data Protection Regulation and advocated for a similar U.S. mandate based on four “essential rights.”
Pin to board (subscriber only)
TWEET
Global Glimpses Blog German DPAs begin random GDPR examinationsJaclyn Jaeger | October 12, 2018The Data Protection Authority of the German state of Lower Saxony recently began random examinations into how well companies are implementing the EU’s General Data Protection Regulations. Compliance officers of U.S. companies with operations in Germany should be on alert.
Pin to board (subscriber only)
TWEET
GRC Announcements Blog OneTrust launches California privacy law assessment toolGRC Announcements | August 8, 2018OneTrust, a privacy management software provider, has launched a free assessment for companies to use to benchmark their preparedness with the California Consumer Privacy Act.
Pin to board (subscriber only)
TWEET
News Article California data privacy law creates complications beyond GDPR complianceJoe Mont | July 23, 2018To consider California’s new Consumer Privacy Act a locally ported version of the EU’s GDPR regime may be understating the full scope of the newly enacted approach to data privacy.
Pin to board (subscriber only)
TWEET
News Article California is first state to enact a domestic take on EU data protectionsJoe Mont | June 29, 2018Despite the economic clout of the tech sector, California’s state legislators have passed an extensive slate of data privacy rules that take their cue from the EU’s recently enacted General Data Protection Regulation rules.
Pin to board (subscriber only)
TWEET
Global Glimpses Blog Consumer advocacy groups urge FTC to investigate Google, FacebookJaclyn Jaeger | June 27, 2018Several consumer advocacy groups in the United States are urging the U.S. Federal Trade Commission to investigate what they say are “misleading and manipulative tactics” by Google and Facebook in violation of the General Data Protection Regulation.
Pin to board (subscriber only)
TWEET
News Article Taking a pull-the-plug approach to GDPR complianceNeil Hodge | June 5, 2018Given the two-year lead time, few would have guessed that the best way some organisations would comply with the European Union’s stringent new data rules would be to simply cut access to services.
Pin to board (subscriber only)
TWEET
GRC Announcements Blog 1touch.io launches privacy management solution built for GDPRGRC Announcements | June 1, 2018Technology startup 1touch.io has launched the first data protection and privacy management and control solution born of the enormous growth of privacy regulation globally.
Pin to board (subscriber only)
TWEET
Global Glimpses Blog Tech giants face first wave of GDPR complaintsJaclyn Jaeger | May 29, 2018Privacy advocates wasted no time filing numerous complaints against a handful of technology companies, including Facebook and Google, for violations of the EU’s General Data Protection regulation, which came into force May 25.
Pin to board (subscriber only)
TWEET
GRC Announcements Blog Convercent releases GDPR capabilities for Ethics Cloud platformGRC Announcements | May 29, 2018Convercent, a provider of ethics and compliance software, announced new platform capabilities designed to help global customers achieve compliance with the EU’s General Data Protection Regulation requirements via the Convercent Ethics Cloud platform.
Pin to board (subscriber only)
TWEET
Load more
No comments yet