The General Data Protection Regulation (GDPR) is the new legal framework in the EU. Enacted by the EU in December 2015, the GDPR becomes enforceable in 2018. It expands previous data privacy laws and brings all of the EU under one regulatory framework. Companies have until May 25, 2018, before compliance should be assessed and the law applies to them.
Two types of organizations must comply:
The definition of personal data under the GDPR has expanded significantly. In addition to everything considered personal data under the Data Protection Act, IP addresses count. Economic, cultural or mental health information counts. Data processed under a pseudonym may count if it’s easy to identify who the data belongs to.
As the halfway point in the GDPR implementation timetable passed in 2017, we entered into a collaboration with Blickstein Group to carry out the first survey of in-house legal and compliance professionals on the topic. The goal was to gauge how well people understand the regulation and how they are progressing at planning for and implementing specific elements of the GDPR.
We report on the gap between how prepared companies think they are and how prepared they actually are, based on their implementation of key program elements. That’s the GDPR Reality Check.
With input from Blickstein Group and an Advisory Panel of leading privacy and data security experts from around the globe, Yerra Solutions built a 22-question online survey and distributed the questionnaire exclusively to in-house counsel, as well as eDiscovery and compliance professionals. We sought input from a cross-section of industries and regions.
All responses in this report come from people who answered in the affirmative to the question of whether their company “holds, controls, and/or processes personal data relating to any EU citizen(s)”.
So, the GDPR pertains to every participant.