Understanding the Regulatory Requirements
The General Data Protection Regulation (GDPR) is a new regulation designed to improve the protection of European citizens by requiring organizations to expand their data protection processes.
Dissect the regulatory requirements and begin to understand how the regulation impacts your organization through this Info-Tech resource.
The Facts About GDPR
1. The new regulation expands the definition of personal data to cover the kinds of data modern organizations actually collect. For example, IP addresses and data about a person's economic, genetic, social, mental or cultural identity must be secured, as must any pseudonymised version of this data that can still be readily linked back to the individual. Reference the appendix for a full list of definitions.
2. GDPR’s reach expands beyond companies within the European Union to include any organization around the world. The emphasis of the regulation is not company headquarters but rather where the citizen resides. Any company and its associated subcontractor that collects data on or markets to EU citizens is subject to GDPR.
3. Fines imposed under GDPR have increased: companies can be fined up to 20 million EUR or 4% of annual turnover (i.e. revenue) from their previous financial year, whichever is higher. Regulators will apply these fines to organizations that citizens trust and rely on, and that hold sensitive data. For less severe breaches, remediation includes a fine of up to 10 million EUR or 2% of annual turnover, or regular data audits. Data processors will be insulated from these fines, which will be applied to data controllers (the company contracting the processor).