General Data Protection Regulation - GDPR

Everything you need to know to become EU GDPR compliant

Disclaimer

We are not lawyers and what we present here is not legal advice. It is our understanding, based on years in the IT and information security industry, analysis of the GDPR itself and a variety of inputs from webinars, courses and books on the subject. We do not offer GDPR consultancy services. We can help you with information so you can have a better understanding of the GDPR.

European Union’s General Data Protection Regulation (EU GDPR) was created with the purpose of regulating the way EU citizens’ personal data is protected by companies, and of replacing the current Data Protection Directive 95/46/EC.

Organizations that operate within the EU or that process EU citizens’ data must make sure they adapt to the new Regulation and become compliant, or they will be fined.

The power over personal data will no longer be in the hands of organizations, but will belong to the citizens’ themselves.

The most important save the date for 2018 will be the 25th of May, when all Member States must have the Regulation transposed into their national law, and businesses be compliant.

GDPR At A Glance

 

Who is it for?

The GDPR will bring important changes once it becomes mandatory in 2018. Find out to whom it applies to and what are the changes for data controllers and processors.

 

What is a data subject?

The term data subject appears very often in the GDPR. The regulation is meant to give them more rights. But what exactly is a data subject and who can become one?

 

Personal Data

Personal data is a sensitive subject within the GDPR. Whether you are a data controller/processor or a data subject, you need to know what is personal data according to the Regulation.

 

EU Citizens’ Rights

The GDPR puts a strong emphasis on individual rights. Find out what they are, how you can exercise them as a EU citizen and how to enforce them as an organization.

 

How does consent work?

Consent has always been important for data processing. Under the GDPR consent becomes harder to get and easier to revoke. Find out how consent works under the Regulation.

 

How can encryption help you?

The GDPR strongly emphasizes data protection encouraging security ‘by design and by default’. A lot is left to the choice of each organization, but some recommendations exist.

 

What are your obligations?

Whether you are a data processor, or a data controller, it is important that you know your obligations under this new Regulation.

 

What is a data protection officer?

See whether your organization needs to appoint a data protection officer, and what his role in the company will be.

 

Fines for non-compliance

The non-compliance fines are established on a tiered system, and depend on the gravity of the damage, or on the obligations breached.

 

Institutional Bodies

These are the institutions in charge of providing your organization with advice and clarifications, as well as to apply the fines, if this is the case.

 

Other info

The GDPR enables codes of conduct and certifications as a means to prove GDPR compliance to regulators and data subjects.

 

The next steps

Here is an action plan to be applied in order for your business to become GDPR compliant and help you get a head start in front of your competition.

EU GDPR Timeline
01

January 2012: Proposal

GDPR was first proposed by the European Commission in January 2012.
02

March 2014: First amendment

The European Parliament voted in favor of the new data protection laws.
03

June 2015: Second amendment

Member States' ministers, EU Justice and the Home Affairs Council agreed on a general approach to GDPR.
04

May 2016: Adoption

The General Data Protection Regulation was published in the Official Journal of the European Union.
05

May 2018: Enforcement

By the 25th of May 2018, all Member States must have transposed the GDPR into their national law.