There is a common misconception that the General Data Protection Regulation (GDPR), which becomes enforceable on May 25 2018, is only of concern to companies located within the European Union. This is not correct. GDPR protects the personal data of people who are in the EU, regardless of where the organisation processing that data is based. The consequence is that any business with customers within the EU must comply with GDPR, no matter where the business is located.
This is an important consideration for data protection experts around the globe. Failing to comply with GDPR could result in their company facing sanctions, including fines of up to €20 million or 4% of annual worldwide turnover, whichever is higher.
What Should International Organizations Take Into Account?
As GDPR applies to any organisation, anywhere in the world, that processes the personal data of people in the EU, every company should ask: ‘what do international data professionals need to review?’
- The requirement to obtain a valid lawful basis, such as consent, before gathering personal data. Consent has to be a conscious and informed act by the person in question. For example, a pre-ticked check box does not constitute valid consent under GDPR.
- The requirement to supply the personal data held about an individual when a Subject Access Request (SAR) is submitted. In most cases the data must be supplied free of charge and within one month of the request, extendable by a further two months only where requests are complex or numerous.
- The right to be forgotten (right to erasure) must be respected. This applies when the data is no longer needed for the purpose it was collected for, or when a person makes a valid request for it to be deleted and no overriding legal ground for retaining it exists.
All of these are important considerations for companies that are required to comply with GDPR as they process personal data. Businesses and organisations around the world must adhere to them as soon as they are dealing with customers, clients or other individuals who are located within the EU.