The General Data Protection Regulation (GDPR) is a regulation which is intended to protect the privacy of citizens of EU and EEA countries.
The aim of GDPR is to safeguard the data of citizens, end customers and users, partly in order to prevent cybercrime and regulate the commercial exploitation of personal data by businesses.
GDPR continues the old regulation of 1995, but adds a number of stricter provisions: more demanding documentation requirements, built-in data protection (data protection by design and by default), data portability, erasure and notification of security breaches.
GDPR applies as law to all citizens of EU and EEA countries and, to some extent, to data processing carried out in countries outside the EU.
GDPR contains provisions regarding where and how personal data should be processed, the obligations that are incumbent on processors, and how the use of personal data must be documented.
Requirements concerning ongoing risk assessments and compliance with laws
Provision for inspection and auditing
Requirement for reporting within 72 hours after a data leak
In some countries, GDPR has also been incorporated into specific laws. In Norway, the provisions can be found in the Personal Data Act.
Infringements can result in fines of up to EUR 20 million or 4% of global revenue, whichever is greater.
The regulation entered into force on 25 May 2018 and has direct effect in Member States. It does not require any national legislation. The GDPR is relevant to the EEA and entered into force in Norway on 20 July 2018.
Cegal and GDPR
For many years, Cegal has assisted the energy industry through the provision of advice and the performance of data protection impact analyses to ensure that our clients become GDPR-compliant.
We offer our own GDPR service, where we assist clients with regard to every aspect of the GDPR.