General Data Protection Regulation (GDPR)

How GDPR impacts you, your business, and your personal data

More and more data is collected from each of us every day. This volume and prevalence of data, its complexity, and its value combine to make us expect more protection and privacy in an ever-connected world. An important new regulation, designed to protect the privacy of people in the European Union, was enforced May 25, 2018.

Fundamentally, the European Union’s (EU) General Data Protection Regulation (GDPR) is designed to empower individuals by giving them more control over their personal data—defined as any information relating to an identified or identifiable natural person—and to establish a single set of data protection rules across the EU. But it doesn’t just apply to EU organizations; it applies to all organizations, anywhere in the world, that target, collect, or use the personal data of any EU resident. To comply with the GDPR, McAfee and other companies must “implement appropriate technical and organizational” measures to protect personal data.

In addition to these security requirements, companies must, among other things:

  • Know what data they hold and have appropriate rights to use the data
  • Be able to answer questions from consumers, including employees and former employees, about what type of data they hold, and, in some cases, delete data they no longer need
  • Consider privacy and security at the start of a project or in first building a product, and do a review of projects before launching
  • Tell their main regulator within 72 hours (of becoming aware) if they have a breach
  • Require their vendors to also secure their data, and record this commitment in a contract

What is personal data under GDPR?

  • Any information relating to an identified or identifiable natural person, such as a name, an identification number, location data, or online identifiers, including IP addresses and cookies
  • Physical, genetic, mental, economic, cultural, or social identifiers if they can be traced back to a specific individual
  • Data for individuals in all personas—be that work, public, or private

GDPR Solutions from MVISION Cloud

Learn how McAfee MVISION Cloud can help organizations conform to EU data protection legislation

Download Now

McAfee’s commitment to GDPR readiness

McAfee has worked hard to be ready for the GDPR enforcement date, reviewing our products, processes, data protection policies, and security controls. We are committed to compliance with this and all applicable laws. We have enhanced processes to prepare to address effectively the particular rights of people in the EU. We have generated written guidance to help our customers understand how our products collect and use personal data, and we are prepared to answer questions from our consumer and corporate customers as well as our employees.

“The McAfee GDPR Readiness project has been a great example of how Together is power. Cross-functional teams—hundreds of people from around the company—have worked tirelessly to improve our products, processes, and documentation, and to learn more about this important new law,” said Flora Garcia, senior attorney, privacy and security, and GDPR lead for McAfee.

“One of the most important things GDPR does is require a culture of data protection. This goes hand-in-hand with McAfee’s mission to protect our customers’ critical systems and data with leading-edge cybersecurity solutions. Our internal compliance is crucial to the role our products play in helping customers comply with their obligations under GDPR, as well as other privacy and security laws.”

—Chris Young, chief executive officer, McAfee

Personal data collection and compliance

McAfee product statements provide information for customers, potential customers, and partners about what data is involved in the processing, where we store data and how it is secured, and how data is retained and deleted.

McAfee Business Users & Corporate Partners

Corporate product statements are available for specific product compliance on request and provide information about the personal data collected by the product. Product statements are available from McAfee partner and sales teams. These documents require a valid and executed nondisclosure agreement (NDA) with McAfee.

  • For corporate and enterprise customers, contact your McAfee account manager or, if unknown, please contact us.
  • For McAfee corporate and enterprise partners, contact your McAfee channel account manager or, if unknown, please contact us.

Learn more about your personal data

If you have an inquiry regarding your personal information held by McAfee, including your personal information collected through your use of our products, go to the

How can McAfee solutions help you?

At McAfee, we believe that the GDPR is a great opportunity for security professionals to work closely with other business functions to integrate data protection into the fabric of business processes. It also offers an opportunity for chief information security officers to get board-level commitment to provide appropriate investment in the security function.

McAfee technology solutions and services cover these areas of the data security lifecycle: data discovery, application security, data loss prevention, cloud data protection, and breach detection and response in the security operations environment.

Disclaimer: The information provided on this General Data Protection Regulation (GDPR) page is our informed interpretation of the GDPR and is for information purposes only. It does not constitute legal advice, contractual commitment or advice on how to meet the requirements of any applicable law. This page is subject to change without notice and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the GDPR, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the GDPR or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this page.