The General Data Protection Regulation (GDPR) is “designed to harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy.” GDPR legislation establishes consistent rules for managing personal data of EU citizens.
What does that mean for companies?
GDPR applies to any organization that handles personal data of EU citizens. Data processors and data controllers alike, regardless of their geographic location, are subject to the regulations. If your organization handles personal data of EU citizens, you must comply directly with GDPR Framework, which provides companies with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.