GDPR
EU regulation for personal data protection and privacy
EN 1090
EU harmonized standard for steel/aluminium structural execution.
Quick Verdict
GDPR mandates data privacy for all EU data processors globally, enforcing rights and accountability with hefty fines. EN 1090 requires certified execution of structural steel/aluminium for construction market access via CE marking. Companies adopt GDPR for compliance, EN 1090 for EU sales.
GDPR
Regulation (EU) 2016/679 (GDPR)
Key Features
- Extraterritorial scope applies to non-EU entities targeting EU residents
- Accountability principle requires demonstrating ongoing compliance
- Fines up to 4% of global annual turnover for violations
- Comprehensive data subject rights including erasure and portability
- 72-hour mandatory breach notification to authorities
EN 1090
EN 1090 Execution of steel and aluminium structures
Key Features
- Factory Production Control (FPC) certification by notified body
- Execution Classes (EXC1-4) for risk-based scaling
- CE marking and Declaration of Performance (DoP)
- Welding quality management via ISO 3834 alignment
- Material traceability and NDT inspection requirements
Detailed Analysis
A comprehensive look at the specific requirements, scope, and impact of each standard.
GDPR Details
What It Is
General Data Protection Regulation (GDPR), or Regulation (EU) 2016/679, is a binding EU regulation replacing the 1995 Directive. It protects personal data of EU residents with global reach via extraterritorial scope. It employs a risk-based accountability approach for lawful processing.
Key Components
- Seven core principles: lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, accountability.
- Data subject rights: access, rectification, erasure ('right to be forgotten'), portability, objection.
- Obligations: DPIAs for high-risk processing, DPO appointment, processing records, 72-hour breach notifications.
- Compliance via demonstrated measures, enforced by DPAs with fines up to 4% global turnover.
Why Organizations Use It
Mandatory for any organization processing EU data; compliance avoids severe penalties. It enhances risk management, builds customer trust, and enables Digital Single Market participation. It is positioned as a global privacy leader, influencing laws like LGPD and CCPA.
Implementation Overview
Implementation involves gap analysis, policy/tech updates, training, and DPO setup. It applies universally to controllers/processors handling EU data, across all sizes and industries. There are ongoing DPA audits but no formal certification; a two-year transition period originally aided preparation.
EN 1090 Details
What It Is
EN 1090 is a family of harmonized European standards (EN 1090-1, -2, -3) for the execution and conformity assessment of structural steel and aluminium components/kits. It implements the EU Construction Products Regulation (CPR), enabling CE marking. Its risk-based approach scales requirements via Execution Classes (EXC1–EXC4) based on consequence, service, and production categories.
Key Components
- **EN 1090-1:** Conformity assessment, Factory Production Control (FPC) certification, Declaration of Performance (DoP).
- **EN 1090-2/-3:** Technical rules for steel/aluminium (materials, welding, tolerances, corrosion protection, NDT).
- Core principles: Traceability, ISO 3834 welding alignment, notified body surveillance.
- Certification model: AVCP systems with initial audits and ongoing surveillance.
Why Organizations Use It
- Mandatory for EU market access via CE marking.
- Reduces liability, ensures structural safety.
- Builds capability in welding/inspection; enhances competitiveness.
- Boosts trust with clients, insurers.
Implementation Overview
Phased: Gap analysis, FPC build, personnel training, NB certification. Targets fabricators in construction; 3–12 months typical. Requires FPC audits, welding quals.
Key Differences
| Aspect | GDPR | EN 1090 |
|---|---|---|
| Scope | Personal data protection and privacy | Structural steel/aluminium execution |
| Industry | All sectors processing EU data | Construction, metal fabrication |
| Nature | Mandatory EU regulation | Harmonized technical standard |
| Testing | DPIAs, audits by DPAs | FPC certification, NB audits |
| Penalties | Up to 4% global turnover fines | Market exclusion, no CE mark |