The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. We present 8 things you need to know about the upcoming GDPR regulation:
The GDPR is a package of new legislative rules being introduced by the European Union to make it easier for residents of EU countries to protect their personal data online. The regulation was officially approved on April 27, 2016, and will formally go into effect across the entirety of the EU by May 25, 2018.
Give us your Consent today
The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
The GDPR covers not only uniquely identifying information such as official identity documents similar to Social Security numbers in the U.S. and Social Insurance Numbers in Canada, but also information routinely requested by websites, including:
Essentially, the GDPR protects any and all personal user data across virtually every conceivable online platform.
Many European countries already have their own robust data collection and storage laws, but the GDPR’s purpose is to make safeguarding users’ data stronger, easier, and more uniform across the European Union, unifying existing data protection regulations across its 28 member states. How exactly does privacy regulation differ in the United States and in the European Union? See below for the top ways in which privacy regulation varies between these two large economies.
The GDPR will supersede any and all existing data privacy and protection laws currently upheld by the EU’s member states.
The GDPR means that companies all over the world, irrespective of where they are based, will have to comply with the legislation’s rules on how user data about EU nationals is gathered, processed, and stored. Under the GDPR, European users have the legal right to question or appeal how their personal information is presented by algorithms such as those used by Google in its search business. This is an extension of the “right to be forgotten” laws that made headlines when the measures were first introduced in the EU and Argentina back in 2006.
You may have a legal obligation to hire a Data Protection Officer (DPO) to ensure compliance with the GDPR. However, there are exceptions. You only have to hire a DPO if:
Cloud-Based Storage is NOT Exempt from the GDPR
While we’re on the topic of whether you need to hire a Data Protection Officer to comply with the GDPR, it’s worth mentioning that companies that rely upon cloud-based storage providers will not be exempt from the GDPR. This means that if your company uses Amazon Web Services, Google Cloud, or Microsoft Azure, you will NOT be able to blame Amazon, Google, or Microsoft for failure to comply with the GDPR.
Firms that are found to have breached or violated any part of the legislative package after initial sanctions can be fined up to €20 million (approximately $23.5 million USD) or 4% of a company’s worldwide turnover, whichever is greater.
Under the GDPR, affirmative consent laws will be strengthened. This means that companies that conduct business with EU nationals will no longer be able to bury hidden clauses in lengthy, verbose terms of service agreements or otherwise obscure their intentions through legal trickery. The GDPR states that EU nationals must not only give their express permission before a company can process or store their data, but also that companies must provide EU nationals with clear, easily understood opt-in processes that expressly state how users’ data will be stored, processed, or used.
When the GDPR goes into effect in 2018, it will become one of the most robust consumer data protection initiatives in the world – if not the most. As a result, companies should expect the regulation to be rigidly enforced.
Although you may not be legally required to hire a dedicated Data Protection Officer, you absolutely MUST comply with the GDPR if you collect, store, or process data from ANY EU nationals, regardless of how many. Failure to do so may result in stunning financial penalties.
Now that we know why GDPR is so important, we are asking you for your cooperation and consent! We would like to inform you about Beenius consultancy services, products, promotions, prices, infographics, brochures, webinars, as well as invite you to Beenius demo presentations, so don’t wait till May and give us your consent today!