GDPR - General Data Protection Regulation (EU)
The General Data Protection Regulation (GDPR), formally known as Regulation (EU) 2016/679, is a comprehensive data protection law in the European Union (EU) designed to safeguard personal data and privacy. It was introduced to replace the Data Protection Directive (Directive 95/46/EC), which had established initial data protection principles but needed modernization to address digital privacy challenges. Implemented to enhance data protection for individuals within the EU, the GDPR applies to any organization that processes the personal data of EU residents, regardless of where the organization is located. Its main goal is to give individuals more control over their personal data and ensure that their privacy is protected.
GDPR establishes several key principles for handling personal data. Organizations must ensure that personal data is processed lawfully, transparently, and for specified purposes. They must also collect only the data necessary for their purposes, ensure data accuracy, and retain data only for as long as needed. Additionally, organizations are required to implement appropriate security measures to protect data from breaches and unauthorized access.
A major component of GDPR is the requirement for organizations to have a lawful basis for processing personal data, such as the explicit consent of the individual where consent is the applicable basis, before that processing begins. Individuals have the right to access their data, request corrections, and demand deletion when it is no longer needed. Organizations must also appoint a Data Protection Officer (DPO) if they process large amounts of sensitive data, monitor individuals systematically, or are a public authority. They must notify authorities and affected individuals in case of a data breach.
Compliance with GDPR is mandatory, and organizations face significant penalties for non-compliance. Fines can reach up to 4% of an organization’s annual global revenue or €20 million, whichever is higher. To ensure compliance, organizations must review their data processing practices, update privacy policies, and train staff on data protection principles.
For the full text of the GDPR, you can refer to the official document, Regulation (EU) 2016/679, available on EUR-Lex. For additional information about GDPR and its requirements, visit the European Commission’s page for the General Data Protection Regulation (GDPR).