What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation, or GDPR, is a legal framework that sets rules for the collection and processing of personal data of individuals in the EU.

The GDPR is directly applicable law across the EU and the wider European Economic Area. It strengthens the protection and rights of individuals, and it regulates how businesses and other organizations handle user and client data. Organizations that violate its privacy and security requirements face heavy fines, up to 4% of global annual turnover or EUR 20 million, whichever is higher.


Data Protection Principles of the GDPR

  • Lawfulness, fairness and transparency: processing must be lawful, fair, and transparent to the data subject.
  • Purpose limitation: data must be collected for a specified, legitimate purpose that is made clear to the data subject at the time of collection, and not further processed in a way incompatible with that purpose.
  • Data minimisation: collect only the data that is adequate, relevant and strictly necessary for the specified purpose.
  • Accuracy: personal data must be kept accurate and up to date, and inaccurate data corrected or erased.
  • Storage limitation: personal data must be kept in a form that identifies the data subject for no longer than is necessary for the specified purpose.
  • Integrity and confidentiality: processing must be done in a way that ensures appropriate security, integrity, and confidentiality of the data (for example, by using encryption and access controls).
  • Accountability: the data controller is responsible for compliance with all of these principles and must be able to demonstrate it.

Who does the GDPR apply to?

Organizations established outside the EU must comply with the GDPR if they offer goods or services to people in the EU (whether or not payment is required) or monitor the behaviour of people in the EU. If a company is not in the EU but caters to EU customers, for example through a website or online service, the company must be GDPR compliant.

If an organization uses web tools to set tracking cookies or log the IP addresses of visitors who reach its website from EU countries, that counts as monitoring their behaviour, and the organization must be GDPR compliant.

Who is exempt from GDPR regulations?

The GDPR does not apply to processing carried out by an individual for purely personal or household activities, such as collecting the email addresses of fellow workers to organize a private event.

The second exception, which is only a partial one, covers organizations with fewer than 250 employees. Smaller organizations must still comply with the GDPR, but they are exempt from the obligation to keep records of their processing activities, unless the processing is likely to result in a risk to the rights and freedoms of data subjects, is not occasional, or involves special categories of personal data or data relating to criminal convictions.

At Right-Hand, we recognize the importance of regulatory frameworks like GDPR. We provide organizations with the means to manage and deploy compliance across the entire workforce by training employees to understand the rules and apply them to their day-to-day activities. 

Ready to Take Your Security Awareness Program to the Next Level?