On the 25th May 2018, the General Data Protection Regulation (GDPR) became enforceable, replacing the Data Protection Directive of 1995. The aim of the new regulation is to enhance and unify data protection for all individuals living in an EU member state.
The regulation applies to:
- Any organisation that collects & controls personal data from EU citizens
- Any organisation that processes data on behalf of another organisation (e.g. a cloud service provider)
If your organisation is outside of the EU but collects & processes data of EU citizens, the regulation also applies.
The financial implications of a failure to comply are significant: a fine of 20 million euros or 4% of the organisation’s global turnover (whichever amounts to more).
Preparation to become GDPR-ready is vital; it must begin at CEO and Board level and involve input from multiple departments within the organisation.