What is GDPR and what does it mean for your company?
The GDPR has set in motion a mad compliance and security scramble, not only for European companies but also for any company doing business in Europe or with European customers. The regulation is designed to harmonize privacy across the EU, codify more rigorous privacy rights, strike a balance between privacy and security, and create an explicit obligation for both data controllers and processors to demonstrate compliance with GDPR.
The regulation went into effect on May 25th, 2018, and the penalties for non-compliance are significant. In some cases, violators of the GDPR may be fined up to €20 million or, in the case of an enterprise, up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

If your organization does business in the EU, offers goods and services to EU citizens, or processes EU citizen data, then all the provisions of GDPR apply, including:

- More rigorous data security measures to protect the confidentiality, integrity and availability of personal information.
- Data controllers and processors must limit collection to only the purposes for which consent was obtained.
- A higher bar for obtaining consent, which must be in the form of a clear affirmative action.
- New breach notification provisions. A “data breach” is defined as a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
- The ability for the data subject to access, correct and delete any inaccurate information, including a “right to be forgotten.”
Unit 15 Cavendish Centre,
Winall Close, Winchester SO23 0LB
Mobile: +44 7388 031376
Telephone: +44 1962 841362