Data Privacy by Location

Navigating Global Regulations

North America
north america

canada

Canada

california

California

utah

Utah

colorado

Colorado

virginia

Virginia

connecticut

Connecticut

information

Click the
plus
button to expand

Global

North America

California

Colorado

Connecticut

Virginia

Utah

Canada

Europe

x

Europe

The General Data Protection Regulation (GDPR) has been in effect since May 25, 2018. It protects the privacy rights of data subjects in the European Union. It ensures transparency in communication and accessible modalities for data subjects to exercise their rights, which include: information about and access to personal data; rectification and erasure, including restrictions on select processes; and opting out of automated decision-making. Data processors and controllers must ensure privacy by design and default, and they may need to appoint a Data Protection Officer (DPO) or implement risk assessments and other measures, per the discretion of the EU Member State or other entity designated as their supervisory authority.

The GDPR applies to organizations based in the EU that process personal data, along with organizations outside of the EU that process the personal data of EU residents, offer goods or services to them, or monitor the behavior of EU residents. If a data breach occurs, the data controller is responsible for providing notification to their supervisory authority no more than 72 hours after becoming aware of the incident. The notice must include the nature of the breach, its likely consequences, and what measures are being taken to mitigate them, among other details.