What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union data privacy law that will replace the erstwhile EU Data Protection Directive 1995. The law, which will become effective from May 2018, will require enterprises located or doing business in EU countries to comply with its strict privacy requirements, regardless of whether the data processing takes place within the EU or outside it.

Why should an organization be concerned about GDPR?

1) Steep penalties for non-compliance and data breaches.
2) Applicability is irrespective of the location of data processing.
3) Applies directly to data processors in addition to data controllers.
4) Several stringent requirements such as privacy by design, mandatory privacy impact assessment, appointment of a DPO.

Key Focus Areas