The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) of 1995. The regulation was adopted on 27 April 2016.
The regulation applies if the data controller (an organization that collects data from EU residents) or processor (an organization that processes data on behalf of data controller e.g. cloud service providers) or the data subject (person) is based in the EU. Furthermore, the regulation also applies to organizations based outside the European Union if they collect or process personal data of individuals located inside the EU. According to the European Commission “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.
Whether you are a “data controller” or “data processor”, implementing strong data management procedures is ethically sound and will benefit your brand. It limits the risk of potentially costly security breaches, safeguards the privacy of the customers that generate your revenues, and protects valuable data assets that are crucial to your business. Implementing a security framework and attaining Certification is a clear way of demonstrating your compliance with GDPR.
AACI can help you to :
- Achieve certification
- Prove to stakeholders that you respect their right to privacy