The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA.
Under the GDPR, there is a concept called the "data protection officer" (DPO), an individual or position responsible for overseeing the organization's data protection strategy and compliance with the GDPR. The DPO is required for certain types of organizations, such as those that process large amounts of sensitive personal data or engage in regular and systematic monitoring of data subjects on a large scale.
In addition to the DPO, the GDPR also introduces the concept of a "supervisory authority," which is an independent public authority responsible for ensuring the GDPR is applied and enforced in the member state where it is located.
The GDPR imposes significant fines for non-compliance and gives individuals the right to sue organizations for damages caused by a breach of their personal data. It is important for organizations to understand their obligations under the GDPR and to take steps to ensure compliance.
UPDATED Dec 22nd (New SCC)
The new standard contractual clauses (SCCs) for GDPR are a set of legally binding requirements that companies must adhere to when transferring personal data to a third party outside of the EEA. The new standard contractual clauses include provisions on data protection, data security, data retention, and data rights. They also outline the responsibilities of both the data controller and the data processor, as well as the rights and obligations of individuals whose data is being processed.
The new standard contractual clauses are intended to provide a consistent and reliable framework for data protection, ensuring that companies can continue to transfer personal data across borders while still upholding the principles of the GDPR.