What is GDPR?

One of the largest changes to data protection laws in over two decades, the General Data Protection Regulation (GDPR) applies to any company whose business with a European Union (EU) member state involves the personal data of an EU citizen. Compliance is required of any entity doing business, either directly or through affiliates, that involves the collection, processing, or transfer of personal data of citizens in the thirty-one countries of the European Economic Area (EEA). E-commerce operations are included. Through GDPR, the EU hopes to give people more control over how their personal data is used and ultimately to build more trust in the emerging digital economy.

How long has GDPR been in effect?

GDPR went into effect on May 25, 2018, and organizations were required to be compliant by that date.

What are the penalties for failing to comply with GDPR?

The penalties for noncompliance are steep, including hefty fines and potential civil and regulatory liability. Less serious violations carry a fine of up to €10,000,000 or 2% of global turnover – whichever is higher. For more serious breaches, however, such as a breach of an individual’s rights or a breach during international transfers, a business may be held liable for up to €20,000,000 or 4% of global turnover.