What is the General Data Protection Regulation (GDPR)?

Jun 25, 2023

The General Data Protection Regulation (GDPR) is a set of privacy and security standards put into effect by the European Union (EU). Widely regarded as the world's strictest security and privacy law, GDPR imposes obligations on organizations that target or collect data relating to people in the EU. The European Parliament adopted GDPR in 2016, requiring all organizations to comply by May 2018.

The EU introduced GDPR to replace the badly outdated 1995 Data Protection Directive and to "harmonize" data privacy rules across Europe, providing greater protection and rights to individuals and improving how organizations handle consumer data. GDPR is the result of over four years of planning and builds on earlier data protection principles to dramatically modernize security and privacy law.

Consisting of 99 articles across 88 pages, GDPR is a weighty document that intimidates even seasoned compliance professionals. Keep reading for a practical, digestible overview of what GDPR requires.

Although it is an EU law, GDPR applies to any organization that operates within the EU, irrespective of where that organization is located. Any organization or individual handling EU citizens' personal data must comply with GDPR. Personal data is any information that could be used, directly or indirectly, to identify a living person, for example a name or an address.

Some forms of personal data are deemed more sensitive and granted additional protections. These include, but are not limited to, information regarding:

Individuals or organizations that handle EU citizens' data fall into one of the following two categories:

GDPR has seven main principles for the lawful processing of personal data. Processing refers to the collection, organization, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure, or destruction of personal data. The principles are:

GDPR grants data subjects a wide array of rights, giving them enhanced control over how organizations use their data. They are:

Failing to comply with GDPR exposes an organization to serious financial and reputational damage. In severe cases, fines can reach up to 17 million euros or 4% of a company's annual turnover. Organizations may also be required to compensate data subjects for any damage resulting from a data breach, and public opinion of an organization is likely to nose-dive in the wake of a GDPR non-compliance decision.

GDPR is the world's most stringent security and privacy law. It seeks to standardize and modernize data protection across Europe, giving individuals more control over their information. It applies to any organization or company, regardless of location, that processes the data of EU citizens. Non-compliance can result in fines, legal proceedings, and lasting reputational damage.

Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.