The European Union (EU) General Data Protection Regulation (GDPR) is a sweeping regulation that replaced the aging Data Protection Directive (95/46/EC). It (somewhat) modernized the EU's approach to privacy and data protection and (somewhat) harmonized privacy and data protection laws across the EU.
Does your company have a presence in the European Union? Does your company monitor or track attitudes/behavior in European Union? If you answered yes to either question, it's likely your company has to comply with the GDPR
Sky high fines! The GDPR empowers Data Protection Authorities (DPAs) to impose fines as high as €20 million or 4% of global turnover (whichever is higher).
An introductory guide to understanding the core principles of the GDPR and how to begin your compliance journey.
Read More
Explains the purpose, scope, and key requirements of the EU’s landmark privacy regulation.
Outlines the GDPR issues most relevant to organizations handling research data and analytics.
Answers the most common questions about the GDPR’s rules, responsibilities, and impacts.
Offers simplified GDPR compliance advice tailored for small and medium-sized enterprises.
Summarizes key steps and documentation required for maintaining GDPR compliance.
Reviews recent enforcement examples and practical compliance lessons for research professionals.
A practical checklist to ensure all consent practices meet GDPR standards.
Discusses the compliance requirements for using cookies and tracking technologies.
Clarifies when U.S.-based firms must designate a Data Protection Officer under EU law.
Helps determine whether your organization is a data controller or processor under EU and UK law.
Describes the decentralized enforcement structure and cooperation among EU regulators.
Describes the lawful grounds required to process personal information under the GDPR.
Provides guidance on collecting sensitive demographic data ethically and lawfully.
Provides key GDPR terminology to help professionals interpret and apply the regulation correctly.
Protects you in ways you cannot, advocating for your practice and profession all the way to Capitol Hill.
Defines valid consent under the GDPR and how to properly obtain and record it.
Guides organizations on fulfilling individual requests to view their personal data.
Explains the verification process organizations must follow before releasing personal data.
Outlines special rules and safeguards for handling minors’ personal information.
Outlines how to set appropriate data retention and deletion timelines under the GDPR.
Examines whether encryption qualifies data as anonymous or merely pseudonymous under GDPR rules.
Explains the mechanisms and safeguards required for lawful international data transfers.
Provides a sample form template to document proper consent for data use and international transfer.
Summarizes updates to SCCs and how they affect cross-border data transfers.
Explains the court’s decision to strike down Privacy Shield and its implications for data transfers.
Outlines options for lawful data transfers between the U.S. and EU following the Schrems ruling.
Announces and explains the new framework replacing the invalidated Privacy Shield.
Disclaimer: The information provided by the Insights Association is for informational purposes only and not for the purpose of providing legal advice. Please contact your attorney to obtain advice on specific issues or questions.