The EU General Data Protection Regulation (GDPR) is the most significant change to data privacy regulation in 20 years. We present 9 things you need to know about the upcoming GDPR:
1. What is the General Data Protection Regulation?
The GDPR is a package of new rules introduced by the European Union to make it easier for people in EU countries to protect their personal data. It was formally adopted as Regulation (EU) 2016/679 on April 27, 2016, and applies in every EU member state from May 25, 2018.
Give us your Consent today
2. Who does the GDPR affect?
The GDPR applies not only to organizations established within the EU, but also to organizations outside the EU if they offer goods or services to, or monitor the behaviour of, individuals in the EU. In other words, it applies to any company processing or holding the personal data of people located in the European Union, regardless of where the company itself is based.
3. What Data is Covered by the General Data Protection Regulation?
The GDPR covers not only directly identifying information such as national identity numbers (comparable to Social Security numbers in the U.S. and Social Insurance Numbers in Canada), but also information routinely collected by websites, including:
- IP addresses,
- device identifiers such as a computer's hardware (MAC) address,
- home addresses,
- dates of birth,
- email addresses,
- posts and profiles on social networking sites, and
- online financial information, including transaction histories.
The regulation defines personal data as any information relating to an identified or identifiable natural person, and that explicitly includes online identifiers such as IP addresses and cookie identifiers. Essentially, the GDPR protects any and all personal data across virtually every online platform, and it is not limited to online processing: data held in paper filing systems is covered as well.
4. Why is the General Data Protection Regulation Necessary?
Many European countries already have robust data collection and storage laws, but the GDPR's purpose is to make safeguarding users' data stronger, easier, and more uniform across the European Union, unifying data protection rules across its 28 member states.
The GDPR replaces the 1995 Data Protection Directive (95/46/EC) and, being a regulation rather than a directive, applies directly in every member state without needing national implementing legislation. National laws remain relevant only in the specific areas where the GDPR lets member states add their own provisions.
5. What Does the GDPR Mean for Overseas Businesses?
The GDPR means that companies all over the world, irrespective of where they are based, must comply with its rules on how personal data of people in the EU is collected, processed, and stored. Under the GDPR, individuals have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on them, and they may demand human intervention and contest such a decision. The regulation also codifies, as the right to erasure (Article 17), the "right to be forgotten" that made headlines when the Court of Justice of the EU ruled against Google in 2014 and required search engines to delist certain results on request.
6. Do I Need to Hire a Data Protection Officer to Comply with the GDPR?
You may have a legal obligation to designate a Data Protection Officer (DPO) to oversee your GDPR compliance. The DPO can be an existing employee or an external contractor working under a service contract. Designating a DPO is mandatory only if:
- Your organization is a public authority or body (with the exception of courts acting in their judicial capacity)
- Your core activities consist of regular and systematic monitoring of individuals on a large scale (for example, behavioural tracking or profiling)
- Your core activities consist of large-scale processing of special categories of personal data (such as health, biometric, or political data) or of data relating to criminal convictions and offences
Even when none of these applies, you may still choose to appoint a DPO voluntarily; if you do, the same statutory duties and protections apply to the role.
Cloud-Based Storage is NOT Exempt from the GDPR
While we are on the topic of whether you need a Data Protection Officer, it is worth stressing that companies relying on cloud-based storage providers are not exempt from the GDPR. If your company uses Amazon Web Services, Google Cloud, or Microsoft Azure, you remain the data controller: you decide why and how the data is processed, and you carry the accountability for it. The provider acts as your processor, and Article 28 requires a written contract that binds the processor to process data only on your documented instructions and to assist you with security, breach notification, and data subject requests. Processors have their own direct obligations under the GDPR, but you will NOT be able to blame Amazon, Google, or Microsoft for your own failure to comply.
7. What Happens to Companies That Fail to Comply with the GDPR?
Firms found to have breached the regulation can be fined up to €20 million (approximately $23.5 million USD) or 4% of the company's total worldwide annual turnover of the preceding financial year, whichever is higher. This top tier applies to the most serious infringements, such as violating the basic principles of processing, the conditions for consent, or data subjects' rights; a lower tier of up to €10 million or 2% of worldwide annual turnover applies to other breaches, such as failing to keep processing records or to notify a breach. Supervisory authorities can also issue warnings, reprimands, and orders to suspend processing or data transfers.
8. What is ‘Affirmative Consent’ in the Context of the GDPR?
Under the GDPR, the rules on consent are strengthened. Companies doing business with people in the EU will no longer be able to bury consent in lengthy, verbose terms of service or otherwise obscure their intentions through legal trickery. Where a company relies on consent, the GDPR requires that it be freely given, specific, informed, and unambiguous, and expressed through a statement or a clear affirmative action: silence, pre-ticked boxes, or inactivity do not count. Consent requests must be presented in clear and plain language, separately from other matters, and must state what data will be collected and for what purpose. The company must be able to demonstrate that consent was given, and individuals must be able to withdraw it as easily as they gave it. Note that consent is only one of the six lawful bases for processing; processing that is necessary for a contract, a legal obligation, or a legitimate interest does not require consent, but it still has to satisfy the GDPR's other requirements.
9. How Stringently Will the GDPR Be Enforced?
When the GDPR becomes applicable in 2018, it will be one of the most robust consumer data protection regimes in the world, if not the most robust. Companies should therefore expect the regulation to be enforced rigorously by the supervisory authorities in each member state.
Even if you are not legally required to designate a dedicated Data Protection Officer, you absolutely MUST comply with the GDPR if you collect, store, or process data about ANY individuals in the EU, regardless of how many. Failure to do so may result in the kind of substantial financial penalties described above.
Now that we know why the GDPR is so important, we are asking for your cooperation and consent! We would like to inform you about Beenius consultancy services, products, promotions, prices, infographics, brochures, and webinars, and to invite you to Beenius demo presentations, so don't wait until May: give us your consent today!