The EU General Data Protection Regulation (GDPR) is a broadsweeping regulation that replaces the aging Data Protection Directive (95/46/EC), modernizes the EUs approach to privacy and data protection and harmonizes privacy and data protection laws across the EU.
GDPR comes into effect on May 25, 2018 and brings with it fines as large as €20 million or 4% of global turnover (whichever is higher) for non-compliance. The Regulation applies to many more companies than the old Directive as companies established in the EU and some outside the EU fall under its scope. Notably, the Regulation applies directly to both controllers and processors of personal data. Its structure also imposes new duties on companies and preserves new rights for individuals. Read more Insights Association guidance about the GDPR here.
DOES MY COMPANY HAVE TO COMPLY WITH GDPR?
- Does your company have a presence in Europe?
- Does your company monitor or track behavior in Europe?
If you answered yes to either question above it's likely your company has to comply with the GDPR.
Use our Does GDPR Apply decision tree.
WHAT ARE THE CONSEQUENCES OF NON-COMPLIANCE?
Sky high fines! The GDPR empowers Data Protection Authorities to impose fines as high as €20 million or 4% of global turnover (whichever is higher).
Disclaimer: The information provided by the Insights Association is for informational purposes only and not for the purpose of providing legal advice. Please contact your attorney to obtain advice on specific issues or questions.