We put together a summary of basic facts that will help you understand the origins of the law, its fundamental role and purpose and whether it applies to your business.
What is the GDPR?
The EU GDPR stands for European General Data Protection Regulation and introduces new Data Protection Rules. It entered into force on May 24th 2016, and applies from 25 May 2018.
When is the deadline?
On 25th of MAY 2018 a new General Regulation on Personal Data Protection will apply across Europe and will change the way we see and deal with personal data.
Does it apply to you?
The EU GDPR applies to all organisations that hold, process and store personal data of EU citizens, regardless of the organisation’s location. The answer in short: most likely, yes.
Get a free assessment of your GDPR compliance here.
What counts as a data ownership?
Processing of personal data, wholly or partly by automated means, or storing data as a part of a filing system.
What is the geographical reach of the GDPR? What organisations does it encompass?
- Organisations (data controller and/or data processor) established in the EU, regardless of whether the processing of data takes place in the Union or not
- Organisations (data controller and/or data processor) outside the EU, where the processing activities are related to:
- The offering of goods or services to data subjects in the EU, irrespective of whether a payment of the data subject is required; or
- The monitoring of their behaviour as far as their behaviour takes place within the Union. Monitoring behaviour includes tracking European citizens on the Internet in order to create a profile or analyse preferences. An example is the use of website cookies.
- Organisations (controller) outside the EU, but in a place where Member State law applies by virtue of public international law (i.e. Embassies)
Where does the GDPR come from?
In case you are wondering. The GDPR relates to the “Third Generation” of the fundamental rights from The Charter of Fundamental Rights of the European Union which includes:
- Data protection
- Guarantees on bioethics
- Transparent administration
Overall aim of the GDPR is to serve citizens and to harmonize disjointed regulatory systems of the EU Member States and countries that they sustain business relationship with.
Now you should feel more confident when browsing through the next mount of legal materials and articles on the GDPR.
Or you can also try our automated compliance manager CyReg that offers a free initial assessment of your GDPR compliance. Click here to register your interest.