CALL US ON - UK +44 845 528 0149 - CZECH REPUBLIC +420 228 885 930

EU GDPR (English)

EU General Data Protection Regulation
May 25th 2018
What is the EU GDPR?
The EU's new data protection regulation, the General Data Protection Regulation, the GDPR, which enters into force on 25th of May 2018, implies, among other things, more stringent requirements for handling personal data. Requirements will be required for new procedures and processes for safe handling of records as well as requirements for responsible management. The new data protection regulation will apply to all organizations and industries that save or in any way handle personal and sensitive information about their employees or their customers.
What is personal data?
The EU General Data Protection Regulations or GDPR is a EU mandate which overhauls all data protection laws in member states, designed to ensure data privacy and enhance control of personal data for EU residents.

According to the EC, the definition of personal data covers anything that points to their professional or personal life, including names, photos, emails IDs, bank details, social networking posts, medical information, or computer IP address etc

Does this effect only EU residents in the EU?
GDPR only applies while a person is located within the European Union – i.e. the person's locality at the time the data is collected affects applicability.

If an EU citizen is transacting business with a US company over the Internet or phone while located in the EU, then, yes, the GDPR does apply. If that same EU citizen is travelling, local privacy laws will then apply.
I have a B2B business and I don't store customer data, so GDPR doesn't apply to us?
All companies that have employees located within the European Union are obligated to comply. Whilst those companies with under 250 employees have considerably fewer obligations to consider, businesses still need to evaluate their processes in line with the requirements.
Requesting and documenting proof of consent
Article 7 and Article 8 specify that data controllers must possess a valid proof of consent for processing data and acquire special permissions for collecting the data of children under 13 from their legal guardians.
Instant Breach Alerts
Article 32 says that any case of data breach must be reported to the DPA by the controller within 72 hours of discovering the issue so that all parties involved can be warned about the situation and take precautionary measures.
In cases of non-compliance, firstly the DPA will hand out written warnings, as a result, organizations will also be directed to conduct regular data protection audits. For the most severe cases, companies can be fined up to €20 million or 4% of global annual turnover, whichever is higher.

Need for encryption

Processing and storing data whether hard copies are electronic copies if it contains EU residents data, it must be stored and processed securely, using password protected encrypted storage is a must!

 The GDPR will affect all industries, companies and organizations that handle personal data!