The EU's GDPR: What you need to know
Policy makers in Brussels have recognised the 1995 ‘General Data Protection Regulation’ (GDPR) is no longer adequate considering the vast amounts of digital information being used worldwide. Despite having just gotten used to July’s revised ‘ePrivacy Directive’ (The cookie law), organisations or businesses that process data relevant to EU based individuals will soon be required to comply with an updated 1995 GDPR regulation – to be enforced from mid-2018.
What is GDPR?
The 'EU's General Data Protection Regulation' (GDPR) is a regulation that aim to strengthen and unify EU data protection laws for individuals within the EU.
How GDPR is relevant to you
Organisations found in breach of GDPR from 2018 will be subject to substantial fines of up to €20m or 4% of annual global turnover – whichever is higher. Whether your business is based within EU borders or beyond, the updated GDPR regulation applies to all organisations so long as your processed data can – directly or indirectly – identify an EU based individual.
Why GDPR is being enforced
Businesses that operate across the EU market will be familiar with the complex myriad of rules and legislation originating from different member states. GDPR aims simplify, strengthen and unite EU data protection laws under a single piece of legislation for EU individuals by implementing “One regulation across the EU.” This means all legislation from member states must now be consistent with EU regulations e.g. data storage, permissions, and rules. A second reason for GDPR is that policymakers have acknowledged data is used outside the EU; to protect EU privacy the updated regulation’s influence extends well beyond its own physical borders so long as processed data is relevant to a EU based individual – GDPR rules apply regardless of where the processing organisation is based.
GDPR changes to be aware of
There are four specific areas of change that businesses and firms should be aware of:
- One regulation across the EU – The updated GDPR aims to standardise and strengthen its privacy laws to be consistent among its members.
- Personalised data – All data relating to an EU individual is considered ‘personal’ under GDPR, regardless of whether an EU based individual has been identified directly or not.
- Going beyond EU shores – The influence of GDPR goes beyond the EU’s borders to recognise the global nature of data – regardless of where the data processing business is located.
- Regulation breaches – The consequences of firms breaching GDPR are subject to €20m fines or 4% of annual global turnover – whichever is higher.
The data protection and privacy landscape is undergoing substantial changes over the next few years, Data Protection Agencies across the EU have already begun implementing the process e.g. the UK’s ICO body has already published dedicated information online. Organisations and businesses operating across the EU will benefit from following GDPR updates closely, as front runners will likely to gain a competitive advantage from quick adoptions.
If you have any questions or want to find out more, contact us today for a FREE no commitment consultation.
Send us your comments
Your comment will not be published. If you have a question, do not forget to write your email address so that we can get back to you!