The General Data Protection Regulation (GDPR) took effect in mid 2018.

GDPR has been designed to provide individuals with greater control over how their personal data is collected, stored, transferred, and used, while also simplifying the regulatory environment across the European Union (EU).

This new regulation impacts both organizations that conduct business in the EU, as well as businesses that maintain or process EU personal data.

SubC3D recognizes the importance of the evolving legal and regulatory landscape around information security and data privacy and remains firmly committed to GDPR readiness by no later than the effective date.

Some key GDPR principles include:

Integrity: Securing and safeguarding personal data using appropriate technical and organizational security measures
Lawfulness: Ensure a legal basis for processing personal data, and process that data in a fair and transparent manner
Limited Use: Personal data we collect are for specific, explicit, or legitimate purposes
Data Minimization: Only collect data that is relevant and necessary for its intended use
Accuracy: Personal data will be accurate and up-to-date
Storage Limitation: Subject to relevant exceptions, maintain personal data only for as long as is deemed necessary and reasonable