Who is concerned by GDPR?
A European law
In March 2018, the European Union's GDPR (General Data Protection Regulation) came into effect. This law allows the continent to adapt to new digital realities. The purpose of GDPR is to make companies that process personal data more accountable by giving European citizens more control over that data.
Businesses, associations and subcontractors
GDPR directly affects all European businesses, associations and subcontractors. However, it does not apply to citizens from the rest of the world.
Example: A company like Facebook, which is based in the United States of America, has a duty to comply with GDPR, because it handles a lot of personal data from all continents, including Europe.
The obligations for complying with GDPR
Entities that handle data from European citizens must identify the following and inform the individuals concerned:
- What data they collect.
- The purpose of the collection.
- How long the data is kept.
Once this is done, they must summarize all this information in a record of processing activities. They also have a duty to make it easy for users to exercise their rights. Users have the right to be informed about what details are collected, the right to ask for the deletion of their stored personal data, and much more.
Fines and consequences
All companies and associations can be subject to an inspection by the EU’s data protection authorities or to a series of complaints. If an institution fails to meet the requirements of GDPR, the fine can amount to up to 20 million euros. In the case of a company, it can be up to 4% of annual worldwide turnover. As a result, the company’s image may be damaged and it may lose its customers’ trust.
So, now that you know, if you believe that you are still missing some elements for GDPR compliance or if you do not know where to start, get in contact with us.