Everyone is talking about it — What is GDPR, anyway?
The General Data Protection Regulation (GDPR) is the new European Union privacy law, approved in 2016 jointly by the European Parliament, the Council of the European Union and the European Commission.
GDPR will replace the existing European Data Protection Directive (which, by the way, dates back to 1995), which remains in effect until May 25, 2018. After that date, GDPR supersedes it, and all data protection law will be governed by GDPR.
GDPR aims to bring all the EU member states under one umbrella by enforcing a single data protection law. GDPR is intended to put guidelines and regulations on how data is processed, used, stored or exchanged.
Should I be concerned about it — Who is it for?
GDPR applies to all organizations that are registered in the EU or have an establishment or subsidiary in the EU. It also applies to any organization that sells goods or services to citizens of the EU and processes or monitors the personal data of EU residents.
Note: Personal data is any information relating to an identified or identifiable natural person.
In simple words, if your business is established in the EU or part of your customer base is located in the EU, you must comply with GDPR.
The specific criteria for organizations that are required to comply are:
- A presence in any EU country.
- No presence in the EU, but the organization processes personal data of EU citizens.
- More than 250 employees.
- Fewer than 250 employees, but the organization's practices impact the rights and freedoms of EU citizens or involve certain types of sensitive personal data. In practice, that covers almost all companies.