The General Data Protection Regulation(GDPR), viewed from one perspective, is an attempt by the EU to place the citizen – the individual – at the heart of decision-making in respect of their own data. EU law places great emphasis on the rights and freedoms of the individual against the rights of businesses to make money from perceived infringement of those rights.
In regulatory terms, GDPR is in some ways a simplification of what has been done before – the regime around international transfers is broadly the same – while the filing of both contractual clauses and binding corporate rules is actually easier, as one “authority” will be responsible. Previously companies would have to speak to the regulator in each EU jurisdiction, and file BCRs for inspection by three regulators, which built in significant delays.
Copyright 2017 NETWORKFIGHTS.COM