The EU General Data Protection Regulation (GDPR) is a sweeping regulation that replaced the aging Data Protection Directive (95/46/EC). It (somewhat) modernized the EU's approach to privacy and data protection and (somewhat) harmonized privacy and data protection laws across the EU.
GDPR went into effect on May 25, 2018. It brings with it fines as large as €20 million or 4% of global turnover (whichever is higher) for non-compliance. The Regulation applies to many more companies than the old Directive as companies established in the EU and some outside the EU fall under its scope. Notably, the Regulation applies directly to both controllers and processors of personal data. Its structure also imposes new duties on companies and preserves new rights for individuals.
If you answered yes to either question, it's likely your company has to comply with the GDPR.
Sky high fines! The GDPR empowers Data Protection Authorities (DPAs) to impose fines as high as €20 million or 4% of global turnover (whichever is higher).
Disclaimer: The information provided by the Insights Association is for informational purposes only and not for the purpose of providing legal advice. Please contact your attorney to obtain advice on specific issues or questions.