Home / All Governance Resources / Director FAQs and Essentials / What Boards Should Know About the GDPR FAQ
Director FAQs and Essentials / What Boards Should Know About the GDPR FAQ

Future of the American Board

Blue Ribbon Commission Reports

Director FAQs and Essentials

What Boards Should Know About the GDPR FAQ

By NACD Staff

01/16/2023

Committees and Roles

In brief: The European Union’s General Data Protection Regulation (GDPR) requires—with some exceptions—affirmative opt-in and usage notices for data collection in the European Union (EU) by any organization with 250 or more employees. It applies to European organizations collecting data within the EU and non-European companies with data subjects based anywhere in the region. Any person located within the EU is considered to be a “data subject” under the regulation. The regulation mandates in detail the proper procedures related to required data collection and usage, including cybersecurity measures, making compliance a challenge, especially for smaller firms.

Thank you for your interest in this page.

Member-Only Content

For full access, please log in, or explore membership options.
Join NACD

Discover More