What you need to know about the General Data Protection Regulation (GDPR)
It applies from 25 May 2018.
Organizations that breach the GDPR can be fined up to €20 million or 4% of annual global turnover, whichever is higher.
Who does the GDPR affect?
The GDPR applies not only to organizations located within the EU, but also to organizations located outside the EU if they offer goods or services to, or monitor the behavior of, data subjects in the EU. In other words, it applies to every company that processes or holds the personal data of individuals residing in the European Union, regardless of where the company itself is located.
The Data Subject:
This is your customer. Or your employee. Or your user. Or any individual in the EU who has entrusted you with their personal data (the law protects people in the EU, not only EU citizens). This is who the law is designed to protect.
The Data Controller:
This is (most likely) your company. It is the party that data subjects entrust their data to, and the party responsible for deciding what happens to that data: for what purposes it is used and how it is handled.
The Data Processor:
This is any entity that processes personal data on behalf of, and on the instructions of, the data controller (a hosting provider or a payroll service, for example). The distinction between controller and processor is nuanced, but it matters a great deal, because the two roles carry different obligations.
What is Personal Data?
- Name, address and unique identifying numbers (e.g., your SSN), including online identifiers such as IP addresses and cookie IDs;
- Demographics — such as age, gender, income or sexual orientation;
- Behavioral data — web searches, purchase history and more;
- Social data — who your friends are, your emails, etc;
- Sensor data — biometric data, readings from health-tracking devices;
- User generated content — videos, photos, blogs or comments.