What is the GDPR EU General Data Protection Regulation?
General Data Protection Regulation Defined:
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
On October 6, 2015, the EU’s highest court (ECJ)[1] struck down the Safe Harbor Agreement between the US and the European Commission.
Many believe the EU will move forward with the General Data Protection Regulation (GDPR), “The EU General Data Protection Regulation (GDPR) was proposed in 2012 and aims to apply a single set of data protection rules across the European Union (EU) to protect user’s data.”[2]
The new EU GDPR breach notification requirements mandate the increase in data monitoring, privacy data leak prevention and alerts
GDPR – Some Important Points Regarding General Data Protection Regulation
- Vast “Personal” Data Pool to include data from cookies, genetic data, IP & MAC addresses
- Data Profiling will probably require explicit consent from the subjects of profiles
- PII may need explicit consent for collection and processing
- Outside of the EU? Activities geared towards EU residents means you are covered even if by Non EU entities.
- Data Protection Officers must be designated
- Breach Notifications Data authorities and consumers must be notified within 72 hours after the discovery of the breach.
- Big Fines
- fines of up to 10,000,000 EUR or (for undertakings) 2% of total worldwide annual turnover (whichever is the greatest); or
- fines of up to 20,000,000 EUR or (for undertakings) 4% of total worldwide annual turnover (whichever is the greatest).[i]