EU GDPR (General Data Protection Regulation) is a far-reaching privacy regulation in the European Union. It covers personal information and activities taking place within the European Union even when the party processing the personal information is not in the EU. GDPR is a law established at the European Union level and comes with hefty penalties. It is automatically in force in all EU countries and will start being enforced on May 25, 2018.
The definition of personal information in the legislation is extremely broad. It basically covers any information that has been or can be associated with a particular natural person.
Introduction to GDPR by head of policy at UK Information Commissioner's Office.
Introduction to GDPR, by UK ICO
Trusted Access Governance & The EU GDPR
These links provide the text of the General Data Protection Regulation, as well as commentary on the regulation by the data protection offices of various EU countries. The commentary may help interpret the regulations.
The new regulation largely supersedes the older Data Protection Directive. For reference, the old regulation is provided here.
The European Court of Justice has already made several decisions that are important for interpreting the regulation. Decisions on IP addresses and cybersecurity as a valid justification for processing them are important for many organizations.
Reprieve for IT departments as EU court rules on IP addresses
In Breyer decision today, Europe's highest court rules on definition of personal data
European Court of Justice rules against mass data retention in EU
ECJ declares the data retention directive to be invalid: what's next?
The regulation is particularly sweeping with respect to Internet marketing and marketing analytics. These references provide guidance for marketing professionals.
Digiday: A marketer's guide to the looming EU Global Data Protection Regulation
UK Direct Marketing Association: General Data Protection Regulation
EU escalates legal action against UK over behavioral advertising
Which US Businesses must comply with EU data protection laws
IAPP: Top 10 operational impacts of the GDPR: Part 5 - Profiling
Piwik Pro: How will GDPR affect your web analytics tracking?
eWeek: Google reiterates commitment to EU's General Data Protection Regulation
eWeek: EU certifies Google data transfer contracts comply with privacy rules
eWeek: Advocacy groups file FTC complaint over Google privacy policy change
Various law offices have written about the regulation and provide guidance for its interpretation. These law offices are probably good candidates to talk to when you need assistance. However, this should not be read as any kind of endorsement.
IAPP: Top 10 operational impacts of the GDPR: Part 1 - data security and breach notification
White & Case: Unlocking the EU General Data Protection Regulation
Protiviti: European Union General Data Protection Regulation (GDPR)
Womble Carlyle Sandridge & Rice: A Fragile Shield? Managing the risks of EU-US data transfer
Foley Hoag: At long last, US-EU privacy shield adopted by EU member states
Foley & Lardner: To join or not to join: Is the EU-US privacy shield right for you?
King & Spalding: EU-US privacy shield framework agreement reached - replaces safe harbor agreement
Proskauer: The basics of international privacy law for commercial litigators, part 1: the EU
Various press articles also provide useful guidance and information. Here are some of the more relevant.
CSO: General Data Protection Regulation (GDPR) requirements, deadlines and facts
Information Age: GDPR compliance: what organizations need to know
Dark Reading: 8 Things Every Security Pro Should Know About GDPR
Forbes: GDPR: EU goes against the global grain to protect privacy
TechCrunch: On data protection Brexit means mirroring EU rules, confirms UK minister
Computer Weekly: Essential Guide to the EU General Data Protection Regulation (GDPR)
Telegraph: How SMEs can prepare for the General Data Protection Regulation
ZDNet: As EU's General Data Protection Regulation (GDPR) looms, tech vendors ready pitches
IT Governance's Guide to the General Data Protection Regulation (GDPR)
The Register: GDPR: Do not resist! Unless you want a visit from the data police
Adexchanger: The EU's GDPR is a big deal: Acxiom execs describe the impact
The references herein are for information only and should not be seen as endorsements. Nothing herein is intended as legal advice, and we recommend consulting a competent attorney to interpret the regulation in the unique circumstances of each organization.