Yes, even if you’re not based in the European Union (EU) the General Data Protection Regulation (GDPR) applies to you.
Really? Even if I’m not in the EU? Yes, it doesn’t matter whether you have a physical presence in the EU.
The EU’s GDPR affects all countries and applies to any business or organisation that holds personal data on, or provides goods or services to, EU citizens or EU residents.
So, if you hold information about present or past employees, clients or suppliers who are EU citizens or EU residents, you need to comply with the GDPR. Even if you don’t offer your product or service directly to consumers, but rather provide a service to an EU company that leads to you in some way processing personal data on EU citizens or residents, you’ll need to comply.
If you own or manage an organisation in the EU and are concerned about the imminent General Data Protection Regulation (GDPR), read on for an overview of what will be required of you to achieve compliance.
The GDPR was approved by the EU Parliament on 14 April 2016 after four years of discussion and planning. The regulation sought to replace the Data Protection Directive of 1995 and to harmonise data protection regulations across the European Union.
The General Data Protection Regulation (GDPR) is a product of the digital age, which has led to a proliferation of easily accessible and shareable personal data.
The regulation was adopted on 27 April 2016 with the intention that it will strengthen and unify data protection for all individuals in the European Union. When it becomes law on 25 May 2018, it will replace the current Data Protection Directive of 1995.
By harmonising data protection and privacy laws across the European Union, the GDPR will strengthen the rights of EU citizens and residents and give them control over their personal data. Businesses and organisations will have a single regulatory environment throughout the EU specifying how to collect, hold and process personal data.