SeaRoc Group & GDPR
On 25th May 2018 the EU General Data Protection Regulation (GDPR) will come into effect.
GDPR is a significant change to data privacy regulations.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. It was designed to harmonize data privacy laws across Europe, to protect and empower all EU residents’ data privacy and to reshape the way organizations across the region approach data privacy.
Who is affected by GDPR?
GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What is classed as personal data?
Under GDPR personal data is defined as any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Why is the law changing?
The main drivers behind the new regulations are the significant changes that have come about with regard to personal privacy in the digital age. As technology evolves, the need to protect your personal data has become increasingly important because large-scale data theft has become commonplace.
What are the penalties?
In recognition of the scale of this threat, there are two tiers of significant penalties for GDPR:
Organizations can be fined up to 4% of annual global turnover or €20 million for breaching core GDPR requirements.
€10 million or 2% of annual global turnover for not having records in order
€10 million or 2% of annual global turnover for not notifying the supervising authority of a GDPR breach