The General Data Protection Regulation is a regulation by which the European Parliament, the European Council, and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU. The primary objectives of the GDPR are to give citizens back control of their personal data and to simplify the regulatory environment for international business by unifying privacy regulation within the EU. When the GDPR takes effect it will replace the 1995 data protection regulation. Perhaps confusingly for some, there is a new directive as well as a new regulation; the directive, however, will apply mainly to police procedures, which will continue to vary from one Member State to the other.

GDPR is Changing the North American Market

The European Union is currently enacting a comprehensive reform of data protection, aiming to “give citizens back control over their personal data, and to simplify the regulatory environment for business,” by creating a Digital Single Market with the same data protection rules across the EU. A new version of the European Commission’s General Data Protection Regulation (GDPR) will soon be coming into effect.

The GDPR applies to all organizations established in the EU that process personal data, but also to organizations outside the EU that are offer goods or services to people in the EU, or monitor the behavior of people within the EU (e.g., online tracking). Thus, a great number of North American organizations will fall with the regulation’s scope.

Most Important Impacts Of GDPR

The new GDPR includes several requirements and standards not included in the prior legislation. Organizations that fall under its scope will need to be aware of changes in the following areas:




Vendor Management

Cross-border data transfers

Consequences for GDPR violations

Codes of conduct and certifications

“Right to be forgotten” and data portability

The mandatory data protection officer requirement

Cyber security and data breach notification obligations

KI Design Hands-on GDPR Training

Our international, multidisciplinary professionals provide the GDPR advisory you need, wherever you need it. We offer a comprehensive introduction to the GDPR, designed to enable delegates to understand how to implement the regulation. Specialized training courses enable individuals to fulfill the role of data protection officer (DPO) within an organization or implement privacy-protective technologies.

To view our slides on the GDPR, please visit the episode links below:

KI Design Hands-on GDPR Training

Test your knowledge of the GDPR guidelines, with a free quiz here. Candidates with little prior knowledge of the GDPR are advised to undertake the EU General Data Protection Foundation training course to build a basic understanding of the new Regulation. The course provides an overview of the Regulation’s requirements, enabling delegates to understand what needs to be done to meet compliance objectives when the Regulation comes into force. Individuals who want to fulfill the role of Data Protection Officer and get in-depth knowledge of the GDPR and the technical aspects of data protection can attend the four-day Certified EU GDPR Practitioner training course.Privacy practitioners can participate in a 4 day course to learn how to use privacy technologies to manage consent, audits, pseudonymization, policy mapping, and anti-malware protection.