GDPR Portal

The EU General Data Protection Regulation (GDPR) is a sweeping regulation that replaces the aging Data Protection Directive (95/46/EC), modernizes the EUs approach to privacy and data protection and harmonizes privacy and data protection laws across the EU.

GDPR went into effect on May 25, 2018. It brings with it fines as large as €20 million or 4% of global turnover (whichever is higher) for non-compliance. The Regulation applies to many more companies than the old Directive as companies established in the EU and some outside the EU fall under its scope. Notably, the Regulation applies directly to both controllers and processors of personal data. Its structure also imposes new duties on companies and preserves new rights for individuals.

(Read all the latest GDPR-related articles and news from the Insights Association.)

What is GDPR?

Where Do I Start?

Key Topics

GDPR FAQs

GDPR: Do U.S. Companies Need to Appoint a Data Protection Officer (DPO)?

GDPR Webinar Series

GDPR Compliance - How Implementing an Information Security System Can Help

GDPR: Relevant Definitions

GDPR: Notice: The Individual’s Right to be Informed

GDPR: What is a Legal Basis for Processing Personal Data?

GDPR: Consent

GDPR: The Right of Access and How to Respond to Subject Access Requests

GDPR: FAQs on Privacy Shield, DPOs, DPIAs, Risk, Consent, Legitimate Interest, Legal Basis

GDPR: Processing and Protecting Children’s Data

GDPR: Does GDPR Apply to EU Citizens Residing in the U.S. or to Americans in Europe?

GDPR: Model Form for Consent for Personal Data Capture and Data Transfer

GDPR: Transferring Data Across Borders under the EU’s Protective Regulation

GDPR: U.S.-EU Privacy Shield and GDPR Compliance

GDPR: Are Cookies OK in the GDPR?

GDPR and Personal Data Retention: How Long Should You Keep a Subject’s Data?

GDPR: Is encrypted data pseudonymous or anonymous?

GDPR: A Legal Basis for Processing Personal Data

EU Court of Justice Invalidates U.S.-EU Privacy Shield

Next Steps for Trans-Atlantic Data Sharing Post-Schremms

DOES MY COMPANY HAVE TO COMPLY WITH GDPR?

  • Does your company have a presence in Europe?
  • Does your company monitor or track behavior in Europe?

If you answered yes to either question above it's likely your company has to comply with the GDPR.

WHAT ARE THE CONSEQUENCES OF NON-COMPLIANCE?

Sky high fines! The GDPR empowers Data Protection Authorities to impose fines as high as €20 million or 4% of global turnover (whichever is higher).

Featured Article: GDPR Compliance - How Implementing an Information Security System Can Help

Disclaimer: The information provided by the Insights Association is for informational purposes only and not for the purpose of providing legal advice. Please contact your attorney to obtain advice on specific issues or questions.

About Us

The Insights Association protects and creates demand for the evolving Insights and Analytics industry by promoting the indisputable role of insights in driving business impact. All revenue is invested in quality standards, legal and business advocacy, education, certification and direct support to enable our members to thrive.

The 2019 IA Code of Standards and Ethics for Marketing Research and Data Analytics may be found here.

More About Us

About Our Members

Our members are the world's leading producers of intelligence, analytics and insights defining the needs, attitudes and behaviors of consumers, organizations and their employees, students and citizens. With that essential understanding, leaders can make intelligent decisions and deploy strategies and tactics to build trust, inspire innovation, realize the full potential of individuals and teams, and successfully create and promote products, services and ideas. 

Learn How We Do It

Contact Us

1156 15th Street NW, Suite 700
Washington, DC 20005
(202) 800-2545