How GDPR impacts you, your business, and your personal data
What is personal data under GDPR?
- Any information relating to an identified or identifiable natural person, such as a name, an identification number, location data, or online identifiers, including IP addresses and cookies
- Physical, genetic, mental, economic, cultural, or social identifiers if they can be traced back to a specific individual
- Data for individuals in all personas—be that work, public, or private
More and more data is collected from each of us every day. This volume and prevalence of data, its complexity, and its value combine to make us expect more protection and privacy in an ever-connected world. An important new regulation, designed to protect the privacy of people in the European Union, will be enforced starting May 25, 2018.
Fundamentally, the European Union’s (EU) General Data Protection Regulation (GDPR) is designed to empower individuals by giving them more control over their personal data—defined as any information relating to an identified or identifiable natural person—and to establish a single set of data protection rules across the EU. But it doesn’t just apply to EU organizations; it applies to all organizations, anywhere in the world, that target, collect, or use the personal data of any EU resident. To comply with the GDPR, McAfee and other companies must “implement appropriate technical and organizational” measures to protect personal data. In addition to these security requirements, companies must, among other things:
- Know what data they hold and have appropriate rights to use the data
- Be able to answer questions from consumers, including employees and former employees, about what type of data they hold, and, in some cases, delete data they no longer need
- Consider privacy and security at the start of a project or in first building a product, and do a review of projects before launching
- Tell their main regulator within 72 hours of becoming aware of a breach
- Require their vendors to also secure their data, and record this commitment in a contract
McAfee’s commitment to GDPR readiness
“One of the most important things GDPR does is require a culture of data protection. This goes hand-in-hand with McAfee’s mission to protect our customers’ critical systems and data with leading-edge cybersecurity solutions. Our internal compliance is crucial to the role our products play in helping customers comply with their obligations under GDPR, as well as other privacy and security laws.”
—Chris Young, chief executive officer, McAfee
McAfee has worked hard to be ready for the GDPR enforcement date, reviewing our products, processes, data protection policies, and security controls. We are committed to compliance with this and all applicable laws. We have enhanced processes to prepare to address effectively the particular rights of people in the EU. We have generated written guidance to help our customers understand how our products collect and use personal data, and we are prepared to answer questions from our consumer and corporate customers as well as our employees.
“The McAfee GDPR Readiness project has been a great example of how Together is power. Cross-functional teams—hundreds of people from around the company—have worked tirelessly to improve our products, processes, and documentation, and to learn more about this important new law,” said Flora Garcia, senior attorney, privacy and security, and GDPR lead for McAfee.
Personal data collection and compliance
Disclaimer: The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, is for information purposes only, and does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit, promise, or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.