The European Union’s sweeping new privacy law—the General Data Protection Regulation, or GDPR—replaces the EU’s 1995 Data Protection Directive and is the farthest-reaching data privacy law in the world. Approved and adopted by the EU Parliament on April 14, 2016, GDPR is binding on all EU member states and becomes enforceable on May 25, 2018.
GDPR directly impacts EU-based companies; however, GDPR also affects organizations doing business in the EU—regardless of where they’re located. If your organization markets to, tracks, or handles an EU resident’s personal data (whether a customer, prospective customer, or employee), your company is subject to the numerous new data-management and -protection requirements mandated by GDPR.
GDPR strengthens existing data-protection laws and introduces numerous new requirements that will have significant legal, procedural, and technology implications for organizations subject to the new law.
Since the end of World War II, European law has consistently prioritized the individual’s right to privacy. GDPR breaks new ground and further regulates how organizations collect, store, and use personal information about European residents. GDPR is founded upon the following explicit principles that make clear the EU’s commitment to ensuring privacy as a fundamental right for EU residents.
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate security, technical, and organizational measures.
© 2021 Ventiv Technology