GDPR Information

The General Data Protection Regulation took effect on May 25, 2018. Here’s what you need to know.
Disclaimer: The contents of this web page do not constitute legal advice. This page is for informational purposes only, and we strongly encourage you to seek independent legal counsel to understand how your organization needs to comply with the GDPR.

What is GDPR?

The EU General Data Protection Regulation (GDPR) is European legislation designed to increase protections around the processing of personal data of data subjects in the European Union.

When did the GDPR take effect?

The GDPR took effect on May 25, 2018.

Who does the GDPR apply to?

Subject to certain exceptions, the GDPR applies to any organization with an establishment in the European Union that is processing personal data. It also applies to any organization that processes the personal data of EU data subjects, regardless of whether the organization has a presence in the European Union or whether the processing is conducted within the European Union.

If you have a presence in the EU, or collect, store, manage, analyze, or otherwise process personal data of EU residents, including email addresses, the GDPR’s requirements may apply to you.

What did the GDPR change?

Note: This section covers many of the changes of the GDPR, but it is not intended to be exhaustive. We highly recommend seeking independent legal counsel to determine how GDPR affects your business.

The GDPR lays out a range of requirements related to consent, individual rights, and data processing. The overview below is a non-exhaustive summary of some of the significant requirements of the GDPR.

Consent

Consent, initially defined in Article 4 and further clarified under Article 7, is addressed throughout the text of the GDPR. In general, the GDPR institutes a more rigid standard of consent when compared to the Data Protection Directive, the predecessor to the GDPR.

Consent under the GDPR needs to be informed, freely given, and affirmative. Organizations have an obligation to present information about processing “in a concise, transparent, intelligible and easily accessible form, using clear and plain language” (Article 12) in order to make sure any consent is “informed.” Where data processing is based on consent, organizations will need affirmative consent from individuals—and they should be able to prove that individuals have given consent.

When organizations collect personal data, they are required to divulge certain information in accordance with Article 13.