This article provides a brief introduction to the General Data Protection Regulation (GDPR), which was ratified by the European Union in April 2016. GDPR went into effect on May 25, 2018. Organizations outside the European Union are also subject to this regulation when they collect data concerning any European Union citizen.
What is GDPR Compliance?
GDPR was designed to give individuals better control over their personal data and to establish a single set of data protection rules across Europe. Personal data is defined as any information relating to an identified or identifiable natural person. This includes online identifiers, such as IP addresses and cookies, if they are capable of being linked back to the data subject. It also includes indirect information, such as physical, physiological, genetic, mental, economic, cultural or social identities that can be traced back to a specific individual. There is no distinction between personal data about an individual in their private, public, or work roles: all of it is covered by this regulation. GDPR impacts people, process, and technology.
Here is a list of requirements for data processors:
- Implement a data breach plan
- Ensure total transparency about what data is collected and what you do with it
- Control employee access to data
- Honor the right to erasure (right to be forgotten): controllers are obligated to erase personal data without undue delay
- Obtain the data subject's consent to the processing
- Have documented vendor management policies and procedures in place
- Appoint a Data Protection Officer
Do I need to be GDPR Compliant?
If you or your organization processes any data from any citizen or business of the European Union, you must be GDPR compliant.