There is increasing focus on the protection of personal identity information around the world. Over the past two decades, we have seen a growing body of regulation such as US HIPAA, US GLBA, Canada’s PIPEDA, the EU Data Protection Directive 95/46/EC and others around the world. The latest, most comprehensive, and the one front and center of concern to organizations globally is the EU General Data Protection Regulation 2016/679 (GDPR), which replaces the former directive. While this is an EU regulation, it has a global impact. All organizations – wherever they are in the world – that own or process the personally identifiable information (PII) of EU data subjects must comply with the regulation. It is extra-territorial, which means it applies everywhere in the world (so long as an EU data subject’s PII is involved).
Full compliance for organizations . . .
The rest of this article by GRC 20/20 can be found at the following link as a guest blog on the INFOGOTO blog . . .