Privacy

What Is the GDPR?

The EU General Data Protection Regulation (GDPR) is a new, comprehensive data protection law that updates the EU’s existing data protection regime to strengthen the protection of EU residents’ personal data in light of rapid technological developments, increased globalization, and more complex, international data flows. It replaces the patchwork of national data protection laws currently in place with a single set of rules, which will help harmonize data protection law across the EU (and the European Economic Area (EEA)) by removing the need for national implementation.

The GDPR, which was adopted in 2016 and went into force on May 25, 2018, applies to organizations established both in and outside the EU that process EU residents’ personal data.

For more information about the GDPR, please visit the European Commission’s GDPR webpage.

Nielsen and the GDPR

Following the formal adoption of the GDPR in April 2016, Nielsen assembled a cross-functional GDPR team composed of Nielsen’s Chief Privacy Officer, EU Data Protection Officer, Legal Privacy team, and senior representatives from Nielsen’s Data Security, Engineering, Process Improvement and Technology teams.

As part of Nielsen’s ongoing commitment to transparency, accountability and the responsible stewardship of the personal data that we handle, our GDPR team has focused on identifying and addressing GDPR readiness priorities across Nielsen’s diverse products and businesses. To accomplish this, the team developed and managed various work streams across all of Nielsen’s business lines.

Some of the specific steps we have taken to prepare for the GDPR include:

Assessing our data processing activities to ensure that data protection is “baked in” to our products and services

Documenting our data processing activities and data flows

Updating our privacy notices to meet the GDPR’s transparency requirements

Implementing processes to give effect to the new and broader rights of data subjects under the GDPR (i.e., the “right to be forgotten” and right of data portability)

Reviewing and updating our vendor/supplier agreements to ensure that personal data is adequately protected

Enhancing our internal incident response and escalation processes

GDPR FAQs