GDPR


The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/EC in spring 2018 as the primary law regulating how companies protect EU citizens' personal data. Companies that are already in compliance with the Directive must ensure that they are also compliant with the new requirements of the GDPR before it becomes effective on May 25, 2018. Companies that fail to achieve GDPR compliance before the deadline will be subject to stiff penalties and fines.

GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key privacy and data protection requirements of the GDPR include:

Requiring the consent of subjects for data processing
Anonymizing collected data to protect privacy
Providing data breach notifications
Safely handling the transfer of data across borders
Requiring certain companies to appoint a data protection officer to oversee GDPR compliance


Simply put, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data.

Parties agree that it is of paramount importance that any Processing of Personal Data is in compliance with Data Protection Laws as applicable to such party at all times in their respective capacity as a Controller or a Processor. To the extent a party is sharing Personal Data (each a “Controller”) with the other party (each a “Processor”), the former as the Controller will have the responsibility to obtain appropriate consents for Processing of Personal Data as permitted under this Rider. The Controller will notify the Processor of any Data Subject request for deletion, rectification or opt-out election, which the Processor will facilitate without undue delay.