In 2012, the European Commission proposed a comprehensive reform of European Data Protection Directive 95/46/EC, which established a set of data protection principles that each member state adopted into local law, resulting in a patchwork of data protection requirements across the European Union. This patchwork approach made compliance costly and challenging for global business.
In April 2016, the European Parliament adopted the new General Data Protection Regulation (GDPR) that replaces the patchwork approach with a single, harmonised law binding across all member states of the EU. The GDPR provides greater predictability and efficiency for business and offers EU citizens increased data protection rights in the new digital age. The GDPR will take effect in May 2018.
Key requirements include:
• Increased rights for data subjects, such as the right to “be forgotten” and the right to data portability
• Software developed with security in mind (privacy by design and by default)
• Pseudonymisation or encryption of personal data (privacy by design and by default)
• Secure processing of data
• 72-hour notification for breaches of personal data
• Fines of up to €20 million or four percent of annual turnover, whichever is greater
Further, the GDPR applies not only to businesses based in the EU, but also to companies worldwide that target their goods and services at European citizens.
The machine data experts at Splunk have put together this whitepaper on how machine data supports GDPR compliance.