General Data Protection Regulation (GDPR)
Thinking that the GDPR is not your issue?
GDPR applies to EU and non-EU companies.
Thinking that the GDPR is not your issue because your organization doesn’t have a presence in Europe? Well, think again! If you offer any products or services to the European market, or if you collect data on European customers, the new privacy rules apply to you.
Fines are up to 4% of global revenues*
The EU confirmed its decision to go for hefty fines: For breaking the law, companies will pay up to 4% of their global revenues or €20 million, whichever is greater. A fine of this magnitude could put many firms out of business.
Breach notification is a mandate.
Organizations have 72 hours to communicate to the relevant data protection authority that they have suffered a data breach. Some EU countries, like the Netherlands, already have this requirement in place, but now companies operating all over Europe must set up their breach notification and response services.
Companies must hire a data protection officer.
Companies whose core activity entails regular and systematic collection of personal data on a large scale, as well as firms that handle sensitive data, must hire a data protection officer. This requirement is also in place for any public authorities or bodies.
Privacy by design & by default are legal requirements
The times when privacy was an afterthought are gone forever. These new principles require that you integrate privacy requirements in the design of new products and services and that you process the minimum amount of personal data necessary to achieve a specific purpose.