What’s the General Data Protection Regulation（GDPR）?

The General Data Protection Regulation (GDPR) which has came into force from 25th of May 2018 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the European Union and European Economic Area. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

What is GDPR compliance?

GDPR establishes a set of compliance and security processes around managing personally identifiable information so that it is not misused.

Data breaches inevitably happen. Information gets stolen or otherwise released into the hands of people who have malicious intent. However, under the terms of GDPR, not only will organizations have to ensure that personal data is gathered, but those who collect and manage it will be obliged to protect it from misuse - or face penalties for not doing so.

What is a GDPR breach notification?

Organizations will be obliged to report any breaches which are likely to result in a risk to the rights of individuals and lead to discrimination, damage to reputation, financial loss, or any other economic or social disadvantage. This will need to be done via a breach notification, which must be delivered directly to the victims. It must be a one-to-one correspondence with those affected.

GDPR is built upon trust in order to make Europe fit for the digital age. With solid common standards for data protection, people can be sure they are in control of their personal information.