GDPR - Do you need to comply with the new EU regulations?
With the GDPR enforcement date of May 25th 2018 getting ever closer, many people are wondering whether or not they will need to comply. To answer this question, you first need a basic understanding of what GDPR is and why it has been created. It's worth noting that the regulation's accountability principle puts the onus on your company: you must be able to demonstrate that you comply, or show why the regulation does not apply to you.
Why has GDPR been created?
GDPR (General Data Protection Regulation) has been created primarily to protect the personal data of individuals in the EU. It is intended to harmonise data protection law throughout the EU: as a regulation it applies directly in every member state, replacing the 1995 Data Protection Directive and the separate national laws that implemented it.
Who does GDPR affect?
The GDPR applies to any organisation established in the EU that processes or holds the 'personal data' of data subjects (natural persons). It also applies to organisations located outside the EU if they offer goods or services to, or monitor the behaviour of, individuals in the European Union. In other words, where your company is based does not by itself take you outside the regulation.
What does ‘Personal data’ mean?
'Personal data' is any information relating to an identified or identifiable natural person (the 'Data Subject'), i.e. information that can be used to directly or indirectly identify the person. It can be a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address. Note that some of these (medical information, for example) fall into the 'special categories' of data that attract stricter rules.
Does my business need to appoint a Data Protection Officer (DPO)?
The following organisations must appoint a DPO (Art. 37): (a) public authorities or bodies; (b) organisations whose core activities involve regular and systematic monitoring of data subjects on a large scale; (c) organisations whose core activities involve large-scale processing of special categories of personal data (such as health data) or data relating to criminal convictions. If your organisation does not fall into one of these categories, then GDPR itself does not require you to appoint a DPO, although national law may still require one, and you may appoint one voluntarily.
Who will enforce GDPR?
Each EU member state has a supervisory authority that will enforce GDPR in its jurisdiction. In Ireland this is the Data Protection Commissioner (DPC).
What are the fines?
The supervisory authority will have the power to impose fines for the most serious infringements of up to €20 million, or 4% of the organisation's total worldwide annual turnover for the preceding financial year, whichever is higher (a lower tier of up to €10 million or 2% applies to other infringements). Furthermore, individuals will be entitled to claim compensation from the controller or processor where they have suffered material or non-material damage as a result of an infringement.
If your company processes or holds 'personal data' of individuals in the European Union (a name, a photo, an email address, bank details, posts on social networking websites, medical information, a computer IP address, or any other information that identifies a natural person), then your company needs to comply with GDPR.
For more information on GDPR compliance, feel free to contact us directly using the form below: