GDPR (General Data Protection Regulation)

What is GDPR?

The General Data Protection Regulation (GDPR) is a law of the European Union (EU) that governs data protection and privacy rights for EU residents (data subjects). The GDPR also addresses the export and use of that personal data outside the EU. This means that organizations outside of the EU which offer services to and/or manage the personal data of EU residents are also affected by this regulation. The law took full effect on May 25, 2018, and enforcement includes fines for regulatory violations.

The GDPR replaced the earlier Data Protection Directive and has binding legal force in every EU member state. Member states do not have the discretion to decide how to transpose the regulation into individual national laws.

The following are several important differences that the GDPR introduced over the previous Data Protection Directive:

  • An organization has only 72 hours to report a data breach to its national regulator.
  • One of the factors in calculating penalties and fines is the annual revenue of the organization.
  • Individuals have new rights such as the right to erasure and the right to portability, among others.

The GDPR introduced the Data Protection Impact Assessment to estimate the impact of changes or new actions within organizations governed by the GDPR. Compliance actions include, but are not limited to, conducting awareness training for the data privacy officer and other employees; making arrangements to track protected data; establishing a process for speedy data breach reporting; ensuring that consents are obtained from data subjects as needed; responding promptly to data access requests; and other actions.

24By7 Security

Our services for GDPR Compliance

  • Data tracking – Assist in finding and securing personal data that is subject to GDPR.
  • Creation of policies and procedures.
  • Data Privacy Review and assessment.