GDPR Compliance

Who does GDPR apply to?

The General Data Protection Regulation (GDPR) is the European Union’s data security and privacy law. Designed to safeguard the personal information of EU citizens and residents, the regulation applies to any organization that manages Europeans’ sensitive data. Accordingly, GDPR is extra-territorial and can also apply to companies outside of the EU. GDPR specifically oversees data controllers (individuals or organizations that determine why and how personal data is used) and processors (individuals and organizations that process personal data for data controllers).

What are GDPR compliance requirements?

While GDPR has numerous requirements, most center around complying with eight core data subject rights:

The Right to be Informed: People have the right to know what personal information will be collected, how it will be used, and who it will be shared with.

The Right to Object: Individuals are allowed to opt out of data processing without repercussion.

The Right to Access: People can request that organizations share the personal information they have collected about them.

The Right to Rectification: Users are allowed to amend and correct their personal data.

The Right to Erasure: Individuals can request that all their non-essential personal information be deleted.

The Right to Portability: People are allowed to request that their personal data be securely sent to them for their own use.

The Right to Restrict Processing: Users are allowed to limit how organizations process their personal information.

The Right to Avoid Automated Processing: Individuals do not have to allow decisions to be made about them—including profiling—based solely on automated processing.

Organizations are required to establish governance in order to comply with these rights. Doing so requires complete oversight, because sensitive information is scattered across the enterprise, hidden in files, emails, and countless other data sources. For an exhaustive list of GDPR compliance requirements, refer to the legislation.
