What is the GDPR?
The GDPR was designed to unify data privacy laws across Europe, to regulate companies’ personal data procedures, and to address the export of personal data outside of the EU. It includes the “right to be forgotten”, explicit confirmation of data processing, breach notification, and more. You can read more about the different specifications here.
When does the GDPR come into force?
Though the GDPR was approved by the European Parliament on April 14th, 2016, the transition period ends on May 25th, 2018, after which the GDPR will become officially enforceable.
What does “compliance” actually mean?
The GDPR has set a new standard for data protection and requires companies to protect customers’ data accordingly or face hefty fines administered by supervisory authorities. Luckily, as mentioned above, movingimage complies with the GDPR: not only did it implement the GDPR processes in 2017, but it also ensured that the legal data protection process is standardized as well as easy to implement, following the Privacy by Design standard.
Does the EU-U.S. Privacy Shield qualify as a compliance mechanism with the GDPR?
No. Up until recently, companies could rely on the Privacy Shield Framework to comply with EU data protection requirements. However, on July 16, 2020, the European Union Court of Justice issued a judgment declaring that the EU-U.S. Privacy Shield is an “invalid” mechanism for complying with EU data protection requirements when transferring personal data from the European Union to the United States. Consequently, companies must store their data within the EU to be considered GDPR-compliant. movingimage hosts data in European-based clouds, giving companies peace of mind that their data is always stored in compliance with the GDPR. In addition, movingimage has concluded EU standard contract clauses with its contractual partners to ensure GDPR-compliant data processing for customers.