What Is the General Data Protection Regulation (GDPR) Law?

General Data Protection Regulation (GDPR) Law

The European Union General Data Protection Regulation (GDPR) law is an act, applied across the Union, which directs data privacy. The GDPR law is designed to protect the data privacy of all EU citizens and guide organizational approaches to handling data, as well as transferring it across borders. Under the GDPR, breach notification is mandatory within 72 hours if the breach is likely to “result in a risk for the rights and freedoms of individuals.” The GDPR applies to organizations within the EU as well as those outside of the EU if they offer goods or services to European citizens. It also applies to organizations that monitor the behavior of data subjects online.

Organizations, including cloud-based ones, can face significant fines for violating the General Data Protection Regulation. Under the Regulation, parental consent is required when the personal data of children under the age of 16 is processed online.

For practical steps your business can take to comply with the GDPR, listen to Winston & Strawn’s Global Privacy & Data Security Practice’s webinar.