First, what is GDPR? GDPR is the General Data Protection Regulation. This is an EU law about data protection and privacy of all individuals within the European Union. Starting on May 25, 2018, all companies that process personal data of EU citizens must be GDPR compliant. So if you are operating in the EU and/or collecting EU citizens' data, you need to be compliant.
Here is a guide for GDPR.
Here are a couple of snippets from that guide:
GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679) and at its most basic, it specifies how personal data should be lawfully processed (including how it’s collected, used, protected or interacted with in general). It’s intended to strengthen data protection for all people whose personal information falls within its scope of application, putting personal data control back into their hands.
Where does it apply?
The GDPR can apply where:
- An entity’s base of operations is in the EU (this applies whether the processing takes place in the EU or not);
- An entity not established in the EU offers goods or services (even if the offer is for free) to people in the EU. The entity can be government agencies, private/public companies, individuals and non-profits;
- An entity is not established in the EU but it monitors the behaviour of people who are in the EU, provided that such behaviour takes place in the EU.
This scope effectively covers almost all companies and, therefore, means that the GDPR can apply to you whether your organization is based in the EU or not. As a matter of fact, this PwC survey showed that the GDPR is a top data protection priority for up to 92 percent of U.S. companies surveyed.
The GDPR becomes enforceable starting from May 2018.
If you need assistance on becoming GDPR compliant please contact us.