GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The primary objective of the GDPR is to give citizens back control of their personal data.  

When is the GDPR coming into effect? 

The EU’s General Data Protection Regulation will take effect on 25 May 2018.

What is personal data under GDPR?

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, etc.

Who does the GDPR affect?

The global scope of the GDPR’s application is significant. It applies to any company—even those outside the European Union—that offers goods or services to individuals in the European Union, or that monitors the behavior of EU citizens. 

What are the penalties for non-compliance?

Penalties for non-compliance are severe. Companies that don’t meet the new requirements can face fines up to four percent of total annual global revenue or €20 million (U.S.$21.5 million), whichever is higher. 

What is the difference between a data processor and a data controller?

Data controllers are those who collect and own the data. Data processors are, essentially, third-party vendors; they process the personal data on behalf of the data controllers.

 

Tom Fox

Hilary Wandall on U.S. data privacy priorities

Tom Fox | February 19, 2019

Hilary Wandall, senior vice president, general counsel, and chief data governance officer at TrustArc, explains to columnist Tom Fox why U.S. companies should address data privacy now, regardless of their motivations.

Global Glimpses Blog

Privacy violations surge despite Europe’s tougher regs

Neil Hodge | February 8, 2019

A steep uptick in potential privacy violations has hit Europe, eight months after it issued stringent data privacy regulations.

The Filing Cabinet Blog

Apple, CEO Tim Cook double down on privacy demands

Kyle Brasseur | January 22, 2019

In an op-ed for Time Magazine, Apple CEO Tim Cook is once again calling on the U.S. government to address data privacy in 2019.

Global Glimpses Blog

French data regulator fines Google under GDPR

Neil Hodge | January 22, 2019

France’s data protection regulator recently slapped Google with a substantial €50 million (U.S. $57 million) fine for failing to provide users with clear, accurate, and informative details on its data use policies.

News Article

Understanding the territorial scope of the GDPR

Jaclyn Jaeger | January 10, 2019

EU companies should scrutinize new guidelines from the European Data Protection Board that signal the long arm of the GDPR extends far beyond the European Union.

News Article

Walking the KYC and data protection tightrope

Jaclyn Jaeger | November 29, 2018

The EU General Data Protection Regulation is stirring the pot for financial institutions in trying to strike a balance between complying with AML laws while ensuring data protection.

Global Glimpses Blog

GDPR, Brexit keep compliance on its toes

Dave Lefort | November 28, 2018

The EU’s General Data Protection Regulation and Britain’s upcoming divorce from the European Union both have a tremendous impact on European compliance, but strategizing solutions around either one has proven to be difficult due to a lack of guidance and, in the case of Brexit, just plain chaos.

News Article

Regulators raise problem of AI in decision making and accountability

Neil Hodge | November 28, 2018

Are companies transferring too much decision-making power to machines? That’s the opinion of EU data regulators, who say companies should “think seriously” about telling investors and stakeholders automatons are now in charge of their data.

News Article

‘No-deal’ Brexit risks U.K. and EU data transfer problems

Neil Hodge | November 28, 2018

In the event of a ‘no-deal’ Brexit, EU data commissioners are warning of data transfer restrictions between the European Union and the United Kingdom, which will be treated as a third country.