On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) takes effect in the European Union (EU). The GDPR expands the privacy rights granted to EU individuals, and it places many new obligations on organizations that market to, track or handle EU personal data, no matter where an organization is located. AMTdirect is here to help our customers in their efforts to comply with the GDPR through our robust privacy and security protections.
What is the GDPR?
A new comprehensive data protection law in the EU that updates existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.
What does the GDPR Oversee?
The GDPR regulates the “processing” of personal data about EU individuals, which includes its collection, storage, transfer or use. Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
How does the GDPR Impact Privacy Laws?
The GDPR provides more privacy rights to EU individuals and places significant obligations on organizations. Some of the key changes are:
Expanded rights for EU individuals: The GDPR provides expanded rights for EU individuals such as deletion, restriction, and portability of personal data.
Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
Binding Corporate Rules (BCRs): The GDPR officially recognizes BCRs as a means for organizations to legalize transfers of personal data outside the EU.
One stop shop: The GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
AMTdirect welcomes this opportunity to exercise our commitment to data protection. Similar to existing legal requirements, compliance with the GDPR requires a partnership between AMTdirect and our customers in their use of our services. AMTdirect will comply with the GDPR in the delivery of our service to our customers. We are also dedicated to helping our customers comply with the GDPR. We have closely analyzed the requirements of the GDPR and are working to make enhancements to our products, contracts, and documentation to help support AMTdirect's and our customers’ compliance with the GDPR.
At AMTdirect nothing is more important than the success of our customers and the protection of our customers’ data. Our robust privacy and security program meets the highest standards in the industry. We have consistently reinforced our commitment to protecting our customers through our actions and investments.
The potential impact of the GDPR goes well beyond your organization's use of AMTdirect, but we recommend that our clients work with their internal teams to ensure that all communications sent from AMTdirect to individuals in the EU comply with the regulation.
Most organizations will want to:
Additional information about the GDPR is available on the official GDPR website of the EU.