The new General Data Protection Regulation put forth by the European Commission in 2012 and finally generally agreed upon by the European Parliament and Council in December, is set to replace the Data Protection Directive 95/46/ec. Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-compliant data controllers and processors once it comes into force in the spring of 2018. In this seventh of a 10-part series, IAPP Westin Fellow Anna Myers, CIPP/US, explores new mandates for vendor management. Editor’s Note: See the first six posts in the series in the IAPP Resource Center.
If you want to comment on this post, you need to login.