The General Data Protection Regulation (GDPR) is Europe’s data protection law, designed to unify and improve the privacy of personal data across Europe. The GDPR intends to provide European Union (EU) residents with more visibility and control over the way their data is collected and processed.
The GDPR protects the personal data of data subjects from the EU, including citizens, visitors, and noncitizen residents, regardless of where their data is being held or processed — and penalties for non-compliance can be substantial.
In the age of big data analytics, cloud computing and mobile access, organizations can struggle to keep track of all their data sources. Data is increasingly accessible — and in increasingly complex combinations. Due to this, figuring out every place you hold the personal information of even a single EU data subject is an enormous challenge — and with hundreds or thousands of customers, a vastly bigger one.
The GDPR has defined six important principles on how personal data should be processed. It mandates that personal data shall be:
Once the GDPR is enforced, organizations could face a few different penalties for non-compliance depending on the infraction. Possible consequences include:
The GDPR applies to all businesses that: