With the enforcement date looming, now is the time for organizations to determine whether the EU’s new General Data Protection Regulation (GDPR) applies to their business, and to sort out the steps to take in preparation for the law’s enforcement. First things first – do you need to worry about GDPR? Answer these questions to find out.
Here are a few fast facts about GDPR:
What is GDPR and when is it effective?
The General Data Protection Regulation (GDPR) is the EU’s new regulation designed to govern the collection, storage, and use of private information. The regulation was adopted in 2016 and has an enforcement effective date of May 25, 2018.
What is the regulation’s intent?
In short, the regulation is intended to provide citizens of the EU with more control around their personal information. The law aims to unify privacy laws in the EU and sets strict standards for the collection and storage of private information, with unprecedented requirements surrounding consent, inventory accounting, demonstration of compliance, and notification of potential data breaches. While governed by the EU, GDPR will apply to any organization that collects or processes data of EU citizens, regardless of where the business is located.
What are the ramifications of non-compliance?
Non-compliance could have crippling consequences. Penalties for non-compliant companies that experience breaches could be up to 20 million euros (about $24,000,000 USD), or 4% of the company’s global revenue – whichever of the two is larger.