After years of preparation and debate, the European Union’s General Data Protection Regulation (GDPR) was formally approved by the EU Parliament
After years of preparation and debate, the European Union’s General Data Protection Regulation (GDPR) was formally approved by the EU Parliament almost two years ago on April 14, 2016. Some are calling it the most important change in data privacy regulation in two decades, and it transcends borders and is rapidly becoming a global “pay attention” issue.
Among other things, GDPR, which will come into effect across the EU on May 25, 2018, requires that organizations report unauthorized access to personal data within 72 hours of detection. Also concerning is Article 17, which states that data subjects have the right to have their personal data removed (or, “the right to be forgotten,” as it’s become commonly referred to) from the systems of controllers and processors under a number of circumstances. This legislation is so significant because it affects nearly any company or organization that does business in the EU, as it is specific to the EU citizens and agnostic of industry.