It is a common mistake to think that the soon-to-be-introduced General Data Protection Regulation (GDPR) only applies to businesses and groups based within the European Union. However, this is not necessarily true.
GDPR applies to any company that stores the personal data of anyone living within the EU, or that employs individuals within the EU. This means that a company doing business in the EU needs to adhere to GDPR obligations.
Any business that manages a significant amount of sensitive personal information will need to have a Data Protection Officer (DPO) working for them. It is the duty of the DPO, and ultimately of any business or company, to complete an audit of the data they hold and determine what is classified as personal data. While there is no checklist that defines personal data, it is essentially any data, or group of data, that can be used to identify a person.
Any business that operates within the European Union will need to be certain what data is stored, where the data is stored and who has access to it. Businesses will also need to review the GDPR requirements and ensure that they are being complied with. All of this is necessary in order for businesses to comply with GDPR and avoid heavy fines and other penalties. This is a vital consideration when you remember that the highest possible fine is 4% of a company’s annual turnover.