European Union 

General Data Protection Regulation

DESCRIPTION

GDPR is the European Union's Data Protection Regulation, which goes into effect May 2018. The Regulation significantly strengthens data protection regulation. Key to the Regulation is the protection of Personal Data.

Defining Personal Data 
Personal Data is defined as any information relating to a person who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. This description is very expansive and indicates that many things are considered personal identifiers, including in some cases such things as IP addresses and cookies.

Relevant Elements of GDPR
 

Applicability
GDPR applies to all companies involved in processing data about individuals in the context of selling goods and services to citizens in the EU, regardless of whether the organization is located in the EU. This means any company that is responsible for Personal Data of European Union citizens must comply with GDPR.

The legislation includes requirements around:

  • Consent 

  • Breach Notification 

  • Right to Access

  • Right to be forgotten

  • Data Portability

  • Privacy by Design

  • Data Protection Officers

Fines and Enforcements

Companies guilty of not protecting customer personal information can be fined up to 4% of Revenue (on a global basis) or 20 M Euros, whichever is higher.

 

Data Protection Officers
Many companies may need to put in place a Data Protection Officer.


© Deeper Solutions, LLC. All Rights Reserved.