Word of the Day: General Data Protection Regulation (GDPR)

Word of the Day Daily updates on the latest technology terms |May 24, 2018

General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR) is legislation that will update and unify data privacy laws across the European Union. GDPR was approved by the EU Parliament on April 14, 2016 and goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive of 1995. The new directive focuses on keeping businesses more transparent and expanding the privacy rights of data subjects. When a serious data breach has been detected, the company is required by the General Data Protection Regulation to notify all affected people and the supervising authority within 72 hours. Mandates in the General Data Protection Regulation apply to all data produced by EU citizens, whether or not the company collecting the data in question is located within the EU, as well as all people whose data is stored within the EU, whether or not they are actually EU citizens. Under GDPR, companies may not legally process any person's personally identifiable information without meeting at least one of six conditions. Express consent of the data subject. Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract. Processing is necessary for compliance with a legal obligation. Processing is necessary to protect the vital interests of a data subject or another person. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject. In addition, companies that conduct data processing or monitor data subjects on a large scale must appoint a data protection officer (DPO). The DPO is the figurehead responsible for data governance and ensuring the company complies with GDRP. If a company does not comply with the GDPR when it becomes effective, legal consequences can include fines of up to 20 million euros or 4 percent of annual global turnover. Read more... Quote of the Day "GDPR demands a global shift in thinking with respect to the collection and treatment of personal data. In simple terms, businesses don't get a free-for-all mandate to use personal data as they please when they get consent. Businesses don't own the personal data -- the citizen does." - Luis Franco   Trending Terms EU Data Protection Directive Directive data breach express consent data governance right to be forgotten Data Protection Bill 2017   Learning Center GDPR deadline: Keep calm and GDPR on With the GDPR deadline looming, companies may still be scrambling to do "something" about it, but with less than 30 days to go the best move for many may be to wait and watch, and perhaps just consider ways in which GDPR may not be as important as everyone is saying. Test your knowledge of GDPR rights and AWS data protection The EU's major data protection overhaul will dramatically alter how enterprises handle sensitive personal information. New GDPR rights turn over control of individual data to the consumer and limit what an organization can do with it. How Salesforce teams will feel the impact of GDPR The impact of GDPR for sales teams on Salesforce will call for trimming data processes down to the bone -- and designing a process to 'forget' those who ask. Six data risk management steps for GDPR compliance A data governance framework must include data risk management. Learn the steps to achieve GDPR compliance and the components of data risk management, including data asset surveillance; data security; and protection, risk assessment and data classification. GDPR call center compliance can be a sticky wicket There are several questions you need to answer and answers you need to document when it comes to GDPR call center compliance, a process that can require the collaboration of business executives, call center managers and outside lawyers to establish and communicate data protection policies. Writing for Business GDPR's requirement for 'privacy by design' demands new approaches to customer __________ giving customers complete control over their data. A. relationships, including B. relationships including Answer     Stay In Touch For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com   Visit the Word of the Day Archives and catch up on what you've missed!   FOLLOW US About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.