The GDPR or General Data Protection Regulation is a European Union (EU) privacy law that will affect businesses around the world when it becomes enforceable on May 25, 2018.
As it stands, this law provides one single set of rules across the EU and will regulate how businesses use the personal data of its citizens. Organizations outside of the EU are subject to the jurisdiction of EU regulators. In other words, if you are a business that collects, changes, transmits, erases, or otherwise uses or stores personal data of EU citizens, you must comply with the GDPR. It doesn’t matter where your business is headquartered. It matters if you do business there.
This law gives consumers control of personal data collected by businesses that offer goods or service to, or monitor the behavior of, people living within the European Union. According to the GDPR, personal data is any information relating to a person who can be identified either directly or indirectly “by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.” (https://www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation) These identifiers include IP addresses and cookies.
Businesses that collect personal data must have documented consent. The consent must be unambiguous as well as specific and verifiable, requiring a a written record of when and how someone agreed to let you process their personal data. Furthermore, EU citizens have the right to ask for details about the way their data is being used and to receive responses in without delay.
It is also worthy of note that the fines attached to GDPR non-compliance are steep. Fines for failing to act can be between 10 million Euros or 2% of global annual revenue from the prior year to 20 million Euros or 4% of global annual revenue from the prior year.
Additional directives are given for data protection officers, privacy management, data collection, profiling, and more. The legislation is detailed and, like all legislation, the devil is in the details. So, if you are a company doing business in the EU, take the time to learn more information and read the law here: https://gdpr-info.eu/art-5-gdpr/.
Can we help with your GDPR compliance needs?