The European Parliament adopted the General Data Protection Regulation (“GDPR”) in April 2016, replacing the outdated European Union (“EU”) Directive 95/46/EC (“Directive”). It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU.
Companies that collect data on citizens in EU countries need to comply with strict new rules around protecting personal data. The GDPR sets a new standard for data subject rights regarding their data, and data controllers are challenged as they put systems and processes in place to maintain compliance.
Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if it does not have a business presence within the EU.