The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulations for all European Union (EU) citizens. The GDPR has been in force since May 25, 2018.
What is GDPR and how does it affect PX Clients?
The General Data Protection Regulation (GDPR) represents a significant shift in privacy requirements governing how financial services institutions and other organizations manage and protect personal data. Failure to comply could mean significant regulatory enforcement actions, reputational damage, and a loss of customer trust.
The GDPR applies to any organization that is processing anyone’s personal data, if that processing is done in the context of the activities of an organization established in the EU (regardless of where the processing takes place).
You can read the full GDPR FAQ here.
The General Data Protection Regulation (GDPR) will:
Provide a Single Uniform Law
The purpose of the GDPR is to provide a single uniform law governing the protection of personal information across the European Economic Area (the EU plus three other European countries).
Clarify Personal Data & Transparency
The GDPR is also intended to clarify, strengthen and modernize data protection, particularly given the profound changes since 1995 in how personal data is collected and processed on the Internet and otherwise.
Valid Consent Requirements
The GDPR has standardized what is required to obtain valid consent. Whereas opt-out implied consent may previously have sufficed, consent must now be clear, freely given, unambiguous, informed and easily withdrawn.
However, note that consent is only one basis for processing personal data under Article 6 of the GDPR. Performance of a contract with the data subject (e.g. using a customer’s shipping address to ship them their order) is another.