SSH.COM is one of the most trusted brands in cyber security. We help enterprises and agencies solve the security challenges of digital transformation with innovative access management solutions.
EU GDPR (General Data Protection Regulation) is a far-reaching privacy regulation in the European Union. It covers personal information and activities taking place within the European Union even when the party processing the personal information is not in the EU. GDPR is a law established at the European Union level and comes with hefty penalties. It is automatically in force in all EU countries and will start being enforced on May 25, 2018.
The definition of personal information in the legislation is extremely broad. It basically covers any information that has been or can be associated with a particular natural person.
Introduction to GDPR by head of policy at UK Information Commissioner's Office.
These links provide the text of the General Data Protection Regulation, as well as commentary on the regulation by the data protection offices of various EU countries. The commentary may help interpret the regulations.
The new regulation largely supersedes the older Data Protection Directive. For reference, the old regulation is provided here.
The European Court of Justice has already made several decisions that are important for interpreting the regulation. Decisions on IP addresses and cybersecurity as a valid justification for processing them are important for many organizations.
The regulation is particularly sweeping with respect to Internet marketing and marketing analytics. These references provide guidance for marketing professionals.
Various law offices have written about the regulation and provide guidance for its interpretation and interpretation. These law offices are probably good candidates to talk to when needing assistance. However, this should not be read as any kind of endorsement.
Various press articles also provide useful guidance and information. Here are some of the more relevant.
The references herein are for information only and should not be seen as endorsements. Nothing herein is intended as legal advise and we recommend consulting a competent attorney to interpret the regulation in the unique circumstances of each organization.