On May 25, 2018 the General Data Protection Regulation (GDPR) becomes enforceable. While it was created in the European Union (EU), it applies to the personal information of all individuals within the EU as well as all personal data exported outside of the EU.
This means that if you use the web to sell to individuals in the EU, you are responsible for their submitted personal information and are therefore covered by the regulation. If you process similar data, you are likewise covered.
Why should you care? Because this regulation has teeth and has a series of sanctions that increase from initial warnings in writing to fines of up to €20,000,000 or up to 4% of the annual worldwide turnover of the preceding financial year.
To comply, you need to be compliant with concepts such as the ‘Lawful Basis for Processing’, Data Protection Officer, Pseudonymisation, Right to erasure and many, many others.
Many organizations in the EU have been working for two years to get themselves compliant with all aspects of GDPR. Have you done the same? If so, I congratulate you and support your efforts to be ready in May.
If you are not well down the road to GDPR compliance, not sure what GDPR means to your organization, or just want to learn more about GDPR, consider taking our GDPR course: ‘GDPR Essentials for Risk Managers’, available in January 2018. It is a three-part course, with a quiz, that will provide information on the basic concepts embedded in GDPR.
Hope you can make it. By that I mean both the May deadline and the course.