General Data Protection Regulation (GDPR)

GDPR stands for the General Data Protection Regulation, a comprehensive EU data protection law adopted in May 2016. It updates the existing EU data protection law (the 1996 Data Protection Directive) to further strengthen the protection of personal data of individuals in the EU. It takes full effect on May 25, 2018.

 

To whom does the GDPR apply?

The GDPR applies to organizations that collect and process personal data of individuals in the EU for their own purposes, defined as Controllers by the regulation, as well as to organizations that process data on behalf of others, defined as Processors by the regulation. This is a shift from the preceding EU data protection law, which only applied to controllers.

 

Does the GDPR apply to companies that are not based in the EU?

Yes. The GDPR applies to entities that collect or process personal data of individuals in the European Union, even if the entity is not established in the EU, for instance if the entity is offering goods and services targeted at EU data subjects or is monitoring their behavior within the EU.

 

How can Exium help its customers in their journey to GDPR compliance?

The GDPR requires organizations to put in place measures to secure personal data. In particular, entities are expected to determine and adopt appropriate security, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Our products and services provide configuration options so that they can be implemented in compliance with privacy principles, with customers’ policies, and with GDPR. This includes, for example, controls that allow customers to determine which data to share with Exium, or who can access the data.