Around the Web: EU General Data Protection Regulation

MARA Blog

Published: July 26, 2017 by Anna Maloney

On the European Union’s General Data Protection Regulation (GDPR) website, there is a countdown clock. As I write this entry on May 29, 2017, the countdown clock reads 360 days, 0 hours, 32 minutes, 54 seconds. By the time you read this post, the countdown clock will read a little over 300 days remaining.

By the time that clock reaches zero, member nations in the European Union will be required to comply with the GDPR, which aims “to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.” The GDPR addresses the following items:

  • Increases the jurisdiction of the existing GDPR to all companies processing the personal data of data subjects residing in the Union
  • Establishes a tiered approach to fines for organizations in breach of the GDPR
  • Strengthens the requirements for consent

Additionally, the GDPR establishes the following rights for data subjects (i.e., the people whom the data is about):

  • Breach notification
  • Right to access
  • Right to be forgotten
  • Data portability 
  • Privacy by design
  • Data Protection Officers

The new requirements of the GDPR will have implications for records managers and information governance officers around the world. You can read more about the GDPR here.