GDPR (General Data Protection Regulation) was enforced in May 25, 2018. Any organization that controls or processes data on people living in the European Union are affected by this regulation, and data governance policies must be adopted and implemented to meet the demands for greater transparency and data subject requests.
Key takeaways:
- The GDPR harmonizes data protection requirements across all 28 EU Member States, introduces new rights for data subjects, and applies extra-territorially to any organization controlling or processing data on natural persons in the European Union.
- If your organization controls or processes personal data on natural persons in the European Union, GDPR almost certainly applies to you.
- GDPR requires data controllers and processors to implement both organizational and technical safeguards to ensure the rights and freedoms of data subjects are not compromised.