General Data Protection Regulation (GDPR) is due to hit all 28 EU member states on May 25, 2018. It represents the biggest change to data protection law in 30 years. Besides a tighter privacy environment, GDPR also introduces much steeper penalties for data breaches (fines of up to €20 million or 4% of global annual turnover; whichever is higher).
Wherever you are in the world, as long as you do business in the EU and handle EU residents’ data, GDPR will mean a whole new era of data governance and enhanced requirements on security and personal data.
As of March 2018, ADP ranks among an elite group of companies worldwide to have gained regulators’ approval to implement Binding Corporate Rules (BCRs) – explicitly recognized by GDPR as an appropriate safeguard for transfers of personal data out of the EU - as both a data processor and data controller.