GDPR

Definition

The GDPR (General Data Protection Regulation) is the European privacy law that requires organisations to process and protect personal data carefully.

The GDPR has been in force since May 2018 and applies to all organisations that process personal data of EU citizens, regardless of where the organisation is established. The law sets requirements for data collection, storage, processing and data subject rights.

From a cybersecurity perspective, the data breach obligations are crucial: organisations must report personal data breaches to the supervisory authority within 72 hours. Adequate technical and organisational security measures are mandatory.

Fines can amount to 4% of annual global turnover or 20 million euros. DEFION helps organisations bring their technical security measures up to GDPR standard.

Related terms

NIS2
Incident Response
ISO 27001