General Data Protection Regulation

The General Data Protection Regulation

What is the GDPR?

The General Data Protection Regulation (GDPR), which came in to force on May 25, 2018, was an important legal development intended to streamline data protection laws and create a harmonized regulatory environment. A key aim of the law is to facilitate seamless data sharing, encourage technological innovation while supporting and maintaining data privacy rights through organizational accountability and transparency mechanisms.

Changes Included:

  • Global reach: The expansion of reach was designed to accommodate and support global business practices and data sharing. The GDPR is applicable to organizations not established in the EU (be they controllers or processors) processing personal data of EU data subjects where their processing relates to the offering of goods or services to EU data subjects or the monitoring of behavior within the EU.
  • Expanded Personal Data Definition: Personal data is defined as any information relating to an individual that can directly or indirectly identify an individual, for example by reference to identifiers such as names, identification numbers, location data, online identifiers or to one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity. The GDPR recognizes that technology and its application to organizational and everyday life has broadened the data sets collected and used by organizations. Widening the definition of personal data aligns the law with our everyday lives and organizational practices.
  • Individual Rights: Individuals are provided with new rights under the GDPR including the right to deletion, the right to restriction and the right to data portability.
  • Organizational Accountability: The GDPR calls on organizations to establish accountability of their data processing utilizing the concepts prescribed including privacy by design, privacy impact assessments, user-centric privacy notices, and the creation of an organizational culture of privacy awareness and accompanying practices.

 

What is Blue Yonder doing?

Blue Yonder has analyzed the requirements of the law and has made, where required, appropriate and relevant, the enhancements to our products, contracts and policies to meet the GDPR standards. To deliver on this effort, we established an enterprise-wide cross-functional GDPR program. We look forward to working with our customers on their GDPR compliance efforts.

Blue Yonder’s Commitment to Data Protection

As a market leader in supply chain solutions, privacy is a cornerstone of our thinking when designing, building, refining and rolling out products at Blue Yonder.

If you wish to contact us please reach out to privacy@blueyonder.com