GDPR stands for General Data Protection Regulation. It is a new European regulation that covers data protection and is aimed at improving and unifying the way personal data is currently protected. The Regulation will take effect on the 25th of May 2018 and it will replace the current European Data Protection Directive. In this article, we will discuss “5 things you need to know about GDPR 2018”.
Despite the 2 year implementation time, businesses are still being caught with their pants down and are not prepared for these new changes. Below are the five things you need to know about these new regulations. Failure to know these and act upon them could result in hefty fines and serious consequences.
1. What is considered to be personal data?
The concept of ‘personal data’ is defined very broadly. In general, it means any type of information that relates to an identified or identifiable ‘natural person’. A natural person is identifiable if they can be singled out, directly or indirectly, from data such as their IP address, ID number, or their physical, physiological, genetic, mental, economic, or cultural features or attributes.
2. Who does GDPR apply to?
The GDPR applies to data controllers and data processors – in other words to every organization that processes, stores, or transmits personal data of EU residents.
What’s the difference between a data processor and a data controller?
The main difference between the two is that the controller decides how and for what purpose personal data is processed, while the processor acts on the controller’s behalf. Both have obligations under GDPR.
3. Does GDPR apply only to EU-based companies?
The GDPR applies to the processing of personal data of EU citizens. This means that it not only applies to EU-based organizations but also to organizations based outside of the EU that offer goods or services to EU citizens, and to any organization that processes the data of EU citizens. In other words, it applies to the vast majority of organizations.
4. What if I don’t follow GDPR? What are the penalties?
When GDPR is enforced, organizations that breach the regulations may be fined either between 2% and 4% of their annual global turnover or up to €20 million, whichever is higher. Frequent breaches of the regulations and failure to address the issue can even result in higher fines of up to €40 million.
5. Will the fines really be enforced? How?
We won’t know until the GDPR actually comes into force. It will be up to the national data protection authorities in each jurisdiction to enforce the new rules. It is important to be mindful of the fact that organizations can be sued privately as well, which means that non-compliance can be costly even if a company doesn’t get fined by its relevant Data Protection Authority.