The era of GDPR has arrived
it arrived on 25 May 2018.
Enforcement date: 25 May 2018 – after this date, organizations in non-compliance may face heavy fines.
If you process data about individuals in the context of selling goods or providing services to residences in EU countries, you are required to comply with GDPR. Non-compliance organizations are subject to be fined up to 4% of annual global turnover, or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the principles of GDPR.
GDPR not only applies to organizations located within the EU but it will also impact organizations outside of the EU if they offer goods or services to, or monitor the behaviors of, EU data subjects. It applies to all companies processing personal data of data subjects residing in the European Union, regardless where are the companies.
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
A regulation is a binding legislative act. It must be applied in its entirety across the EU, while a directive is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to decide how. It is important to note that the GDPR is a regulation, in contrast the previous legislation, which is a directive.
Compliance with GDPR is a bottom up management. The first thing is about your awareness and readiness in all levels of staff who will process the personal data in your organization processes. Follow the principles of GDPR which constitute the core requirements of GDPR, and establish relevant procedures of processing to meet the requirements of organizational measures of GDPR.