What is the General Data Protection Regulation?

Learn about the GDPR and how it could affect your business

by AT&T Business Editorial Team

In May 2018, a new European law will go into effect to protect the privacy and personal data of European citizens.

The law, known as the General Data Protection Regulation (GDPR), will apply not only to companies located in Europe, but also to others across the globe.

The GDPR is an overarching directive intended to care for the rights and freedoms of individuals in the European Union (EU). The regulation intends to protect private data such as names, addresses, health data, and much more.

The law applies to any organization that processes personal data of individuals in the EU, regardless of where the processing organization is based. This means businesses in the U.S. and many other locations will be affected.

What you need to know

The following privacy rights are included in the regulation:   

  • Breach notifications: Companies must notify customers within 72 hours of becoming aware of a data breach.   
  • Right to access: Individuals have the right to know if their personal data is being processed, where it’s being processed, and for what purpose.   
  • Right to be forgotten: Individuals are entitled to have a company erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

The following organizational requirements are also included:   

  • Increased territorial scope: The GDPR will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.   
  • Data Protection Officer (DPO): The appointment of a Data Protection Officer (DPO) may be required for your organization.   
  • Privacy by design: Companies can only hold and process an individual’s data when absolutely necessary for the completion of its duties.

AT&T and the GDPR

AT&T has a long-standing commitment to protect customer data, and this includes being compliant with the GDPR.

We’re currently modifying contract and service guide language to address the regulation requirements. We plan to quickly respond to data subject access requests, inquiries from European data protection authorities, and notifications of data privacy breaches.

To learn more the GDPR and how it could affect your business moving forward, contact your AT&T account team.