The European Union (EU) General Data Protection Regulation (GDPR) is a sweeping regulation that replaced the aging Data Protection Directive (95/46/EC). It (somewhat) modernized the EU's approach to privacy and data protection and (somewhat) harmonized privacy and data protection laws across the EU.
Does your company have a presence in the European Union? Does your company monitor or track attitudes/behavior in European Union? If you answered yes to either question, it's likely your company has to comply with the GDPR
Sky high fines! The GDPR empowers Data Protection Authorities (DPAs) to impose fines as high as €20 million or 4% of global turnover (whichever is higher).
An introductory guide to understanding the core principles of the GDPR and how to begin your compliance journey.
Read More
Explains the purpose, scope, and key requirements of the EU’s landmark privacy regulation.
Outlines the GDPR issues most relevant to organizations handling research data and analytics.
Answers the most common questions about the GDPR’s rules, responsibilities, and impacts.
Offers simplified GDPR compliance advice tailored for small and medium-sized enterprises.
Summarizes key steps and documentation required for maintaining GDPR compliance.
Reviews recent enforcement examples and practical compliance lessons for research professionals.
A practical checklist to ensure all consent practices meet GDPR standards.
Discusses the compliance requirements for using cookies and tracking technologies.
Clarifies when U.S.-based firms must designate a Data Protection Officer under EU law.
Helps determine whether your organization is a data controller or processor under EU and UK law.
Describes the decentralized enforcement structure and cooperation among EU regulators.
Describes the lawful grounds required to process personal information under the GDPR.
GDPR went into effect on May 25, 2018, bringing fines as large as €20 million or 4% of global turnover (whichever is higher) for non-compliance. The Regulation applies to many more companies than the old Directive as companies established in the EU and some outside the EU fall under its scope. Notably, the Regulation applies directly to both controllers and processors of personal data. Its structure also imposes duties on affected companies and preserves certain rights for affected individuals.
If you answered yes to either question, it's likely your company has to comply with the GDPR.
Disclaimer: The information provided by the Insights Association is for informational purposes only and not for the purpose of providing legal advice. Please contact your attorney to obtain advice on specific issues or questions.