
GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The primary objective of the GDPR is to give citizens back control of their personal data.  

When is the GDPR coming into effect? 

The EU’s General Data Protection Regulation will take effect on 25 May 2018.

What is personal data under GDPR?

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, etc.

Who does the GDPR affect?

The global scope of the GDPR’s application is significant. It applies to any company—even those outside the European Union—that offers goods or services to individuals in the European Union, or that monitors the behavior of EU citizens. 

What are the penalties for non-compliance?

Penalties for non-compliance are severe. Companies that don’t meet the new requirements can face fines up to four percent of total annual global revenue or €20 million (U.S.$21.5 million), whichever is higher. 

What is the difference between a data processor and a data controller?

Data controllers are those who collect and own the data. Data processors are, essentially, third-party vendors; they process the personal data on behalf of the data controllers.

 

Global Glimpses Blog

Apple CEO pushes for U.S.-style GDPR, bashes those who ‘put profits over privacy’

Neil Hodge | October 24, 2018

Apple CEO Tim Cook voiced his support for the EU’s General Data Protection Regulation and advocated for a similar U.S. mandate based on four “essential rights.”

Global Glimpses Blog

German DPAs begin random GDPR examinations

Jaclyn Jaeger | October 12, 2018

The Data Protection Authority of the German state of Lower Saxony recently began random examinations into how well companies are implementing the EU’s General Data Protection Regulation. Compliance officers of U.S. companies with operations in Germany should be on alert.

GRC Announcements Blog

OneTrust launches California privacy law assessment tool

GRC Announcements | August 8, 2018

OneTrust, a privacy management software provider, has launched a free assessment that companies can use to benchmark their preparedness for the California Consumer Privacy Act.

News Article

California data privacy law creates complications beyond GDPR compliance

Joe Mont | July 23, 2018

To consider California’s new Consumer Privacy Act a locally ported version of the EU’s GDPR regime may be understating the full scope of the newly enacted approach to data privacy.

News Article

California is first state to enact a domestic take on EU data protections

Joe Mont | June 29, 2018

Despite the economic clout of the tech sector, California’s state legislators have passed an extensive slate of data privacy rules that take their cue from the EU’s recently enacted General Data Protection Regulation rules.

Global Glimpses Blog

Consumer advocacy groups urge FTC to investigate Google, Facebook

Jaclyn Jaeger | June 27, 2018

Several consumer advocacy groups in the United States are urging the U.S. Federal Trade Commission to investigate what they say are “misleading and manipulative tactics” by Google and Facebook in violation of the General Data Protection Regulation.

News Article

Taking a pull-the-plug approach to GDPR compliance

Neil Hodge | June 5, 2018

Given the two-year lead time, few would have guessed that the best way some organisations would comply with the European Union’s stringent new data rules would be to simply cut access to services.

GRC Announcements Blog

1touch.io launches privacy management solution built for GDPR

GRC Announcements | June 1, 2018

Technology startup 1touch.io has launched the first data protection and privacy management and control solution born of the enormous growth of privacy regulation globally.

Global Glimpses Blog

Tech giants face first wave of GDPR complaints

Jaclyn Jaeger | May 29, 2018

Privacy advocates wasted no time filing numerous complaints against a handful of technology companies, including Facebook and Google, for violations of the EU’s General Data Protection Regulation, which came into force May 25.

GRC Announcements Blog

Convercent releases GDPR capabilities for Ethics Cloud platform

GRC Announcements | May 29, 2018

Convercent, a provider of ethics and compliance software, announced new platform capabilities designed to help global customers achieve compliance with the EU’s General Data Protection Regulation requirements via the Convercent Ethics Cloud platform.