Home / Governance Resources / Director FAQs and Essentials / What Boards Should Know About the GDPR FAQ

More…

Committees & Roles

Core Oversight Topics

What Boards Should Know About the GDPR FAQ

By NACD Staff

01/16/2023

Committees and Roles

In brief: The European Union’s General Data Protection Regulation (GDPR) requires—with some exceptions—affirmative opt-in and usage notices for data collection in the European Union (EU) by any organization with 250 or more employees. It applies to European organizations collecting data within the EU and non-European companies with data subjects based anywhere in the region. Any person located within the EU is considered to be a “data subject” under the regulation. The regulation mandates in detail the proper procedures related to required data collection and usage, including cybersecurity measures, making compliance a challenge, especially for smaller firms.

Member-Only Content

For full access, please log in, or explore membership options.

JOIN NACD

Discover More

Credentials

NACD Directorship Certified^™

The premier designation for directors in the United States
Professional Development

Education & Events

Browse a selection of in-person and on-demand opportunities.
Local Programming

NACD Chapters

Get involved with more than 20 local chapters nationwide.
Effectiveness

Board Advisory Services

NACD offers custom consulting services to maximize boardroom potential.

What Boards Should Know About the GDPR FAQ

Member-Only Content

Discover More

NACD Directorship Certified^™

Education & Events

NACD Chapters

Board Advisory Services

NACD Directors Summit^TM

October 6-9 | Washington, DC, Area

Empowering Directors. Transforming Boards.

What Boards Should Know About the GDPR FAQ

Member-Only Content

Discover More

NACD Directorship Certified™

Education & Events

NACD Chapters

Board Advisory Services

NACD Directors SummitTM

October 6-9 | Washington, DC, Area

NACD Directorship Certified^™

NACD Directors Summit^TM