Digitaleclub
Best for you!

What is the GDPR, its requirements and facts?

Companies that collect data on citizens in European Union (EU) countriesl need to comply with strict new rules around protecting customer data. The General Data Protection Regulation (GDPR) sets a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to maintain compliance.

Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.

The GDPR leaves much to interpretation. It says that companies must provide a “reasonable” level of protection for personal data, for example, but does not define what constitutes “reasonable.” This gives the GDPR governing body a lot of leeway when it comes to assessing fines for data breaches and non-compliance.

Time is running out to meet the deadline, so CSO has compiled what any business needs to know about the GDPR, along with advice for meeting its requirements. Many of the requirements do not relate directly to information security, but the processes and system changes needed to comply could affect existing security systems and protocols.

What is the GDPR?

The European Parliament adopted the GDPR in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU.

[Related: –>How to prepare for the approaching General Data Protection Regulation]

Leave A Reply

Your email address will not be published.