Mandated Timeframe for Breach Reporting and/or Consumer Notification
Within 72 Hours
Laws related specifically to personal information
Breach Reporting & Consumer Notification
Protect Personal Information
Program for Protection/Security
Third Party: Specific Obligations
Third Party: Mandated Contracts
Requests for Information
Fines & Penalties
Violations of Breach and Notification Laws:
- Up to 4% of annual global turnover or €20 M
Third Party Management
None to minimal
The General Data Protection Regulation (GDPR) is a comprehensive regulation designed to address most aspects of personal data processing within the European Union. This regulation protects the personal information of all individuals in the EU, and you may be subject to GDPR requirements.
Member States are encouraged to establish their own country-specific codes of conduct.
If your business is located in, and/or handles personal information from individuals in, one or more Member States, you may have additional requirements with which you must comply.
Both Processors and Controllers (unless exempt) must maintain an extensive log of all data processing activities.
Statutes and Laws
EU GENERAL DATA PROTECTION REGULATION (GDPR): REGULATION (EU) 2016/679