What is GDPR?
The GDPR is a new regulation seeking to unify data protection across the EU. It introduces significant new requirements for governing data and how it is used, collected, retained and shared. The Regulation will apply to all data controllers and data processors in the EU. The new data protection law will apply to the data processed by an organization situated within the EU. Additionally, the Regulation will have an extra-territorial effect.
The European Commission (EC) will enforce the GDPR as of May 2018, centralizing all existing regulations and updating these for the digital age. This will cause significant disruption to how organizations process personal data.
Objectives of GDPR
- Increase protections for personal data
- Set strict penalties for non-compliance
- Extend regulatory powers beyond EU borders
Big penalties for non-compliance
- If there is a data breach: maximum fine of 4% of global turnover or €20,000,000 (whichever is higher).
- Deadline to tell Authorities: 72 Hours. Deadline to tell users: “without undue delay.”