Enforcement Date: 25th of May 2018
What is GDPR? Sounds very complex.
GDPR is a regulation designed to standardize data privacy laws across the whole of Europe. Data privacy is a serious matter and not to be treated lightly, especially considering what has recently been happening with confidential data leaking through third-party apps on social media.
Ah, my business is not located in the EU, so I’m fine.
Not really. The regulation’s jurisdiction is broader than that. It applies to the processing of personal data by processors and controllers in the EU, regardless of whether the processing takes place inside or outside the EU.
It also applies to the processing of personal data of EU data subjects, regardless of whether the processor or controller is inside or outside the EU.
In short, the regulation applies if your business offers goods or services to the EU or if you handle EU citizens’ data, regardless of where your business is located.
So, what can happen?
The fine can be up to 4% of the annual global turnover or €20M (whichever is greater).
How do I know if I am handling personal data?
Personal data includes, but is not limited to: IP addresses, medical information, email addresses, names, home addresses, photos, bank information, passport and travel documents, and yes, any posts made on social media.
What’s this about controllers and processors? Aren’t those things inside computers?
A controller is the entity that determines the purposes, conditions and means of processing personal data, while a processor is an entity that processes personal data on behalf of the controller.
What do I do next?
Doing nothing is a strategy, but it’s not going to help.
Every organization needs to prepare. You will need to determine where your data comes from and put a data breach response process in place, backed by technical and organizational measures. Ask yourself now how you would react to a data breach.
I’m still lost.
Don’t be. There are a variety of tools to help you assess your current situation and get ready to comply, and there are companies that will assist you with this exercise. For example, IBM has a 5 Step Approach to guide you and experts ready to help.
EU GDPR Portal (https://www.eugdpr.org/)
IBM Security (https://www.ibm.com/security/data-security/gdpr)