The information landscape has changed significantly since the European Union (EU) introduced its Data Protection Directive in 1995, aimed at protecting the privacy of EU citizens. The amount, sources, and types of data that are collected and used by organisations today have grown exponentially, together with the value organisations can gain from this data.
With the growth of the ‘always on’ culture, driven by the ever-expanding capabilities of mobile devices and the increase in the digital transformation of services, a wide range of identifiable and behavioral data is now collected and processed by organisations every time we interact online.
This proliferation in how and where data is gathered, processed, and stored, plus its ever-increasing value, has led the EU Commission to update its regulations to better protect the privacy of its citizens and to standardize data protection laws across the EU. Enforcement of the EU General Data Protection Regulation (GDPR) begins on May 25, 2018, and the regulation has been designed to better protect the personal data of EU citizens as it is collected, processed, and stored.
It applies not only to all organisations based in the EU, but also to any company that processes the data of EU citizens. Within an organisation, the GDPR applies to both the data controller and all data processors. In addition, organisations must understand the physical location where the data they collect and store resides, especially if they utilize SaaS solutions and hybrid and cloud environments.