What is GDPR?
The European Union (EU) General Data Protection Regulation (GDPR), commonly known as EU GDPR, will apply from May 25th, 2018 and harmonizes data privacy laws throughout the EU. Organizations are required to be GDPR compliant by that date. The GDPR aims to strengthen data protection for individuals within the EU and also addresses the export of personal data outside the EU.
Who does the GDPR affect?
The GDPR applies to organizations located both within and outside the EU if they offer products and/or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of subjects residing in the European Union, regardless of the company's location.
What are the penalties for non-compliance?
The GDPR specifies two levels of fines:
Breaching GDPR/Failure to comply: up to the greater of €10 million or 2% of global annual revenue from the prior year.
Data Breach/Article 28: up to the greater of €20 million or 4% of global revenue from the prior year.
What is personal data?
Any information relating to a living individual, or 'Data Subject', that can be used to identify the person directly or indirectly. This can be anything from a name, a photo, an email address or bank details to posts on social networking websites, medical information, or a computer's IP address.