Understanding the GDPR
If there’s anything that has managed to shake marketers all over the globe in recent months, it’s the new General Data Protection Regulation (aka GDPR) in the European Union. So why has an EU-centered piece of legislation, referring solely to EU citizens, echoed worldwide? Before we delve into this, let’s go over everything you need to know about GDPR.
Breaking 20 years of habit
The EU has announced May 25, 2018 as the deadline from which the regulation will apply to all EU states. While most might think that is all too soon, the regulation came into force back in 2016, so technically companies have had two years to prepare.
The regulation has been a long time coming, given that the previous personal data legislation, the EU Data Protection Directive, was enforced back in 1995 (over 20 years ago). Given the way technologies are changing and companies keep finding ways to learn more and more about their customers, it has been a long time coming… at least from a customer’s point of view.
Given that many companies such as Google and Facebook exchange their services for access to users’ personal information, it should come as no surprise that the EU wants to protect its subjects.
Who Does GDPR Concern?
Isn’t this literally the million-euro question! With non-compliance fines reaching up to 24 million euros or a quarter of the company’s turnover (whichever is higher), GDPR compliance has a whole new meaning for companies. Still, many IT professionals confess that they aren’t ready for the new regulations.
The legislation generally affects two types of companies: data controllers and data processors. The controller determines how, when and why a user’s data is processed, while the processor is the entity that does the actual processing.
Think of an online shop that receives credit/debit card payments by using PayPal’s system. In this case the controller is the online shop and the processor is PayPal. As you can see, there is barely an organization that will not be affected by GDPR.
From profit-oriented companies to governments and charities, any data collector (who handles personal information like names, emails, phone numbers, etc.) is responsible for choosing a processor who complies with the EU directive. Under the Data Protection Directive, processors had less responsibility and were less liable in the case of a data breach. The GDPR puts an end to that, seeking greater retribution from controllers and processors alike.
My Company is NOT Located in the EU. Am I Liable Under GDPR?
The short answer is yes: you are liable under GDPR so long as you operate with data that belongs to EU citizens. That also applies to cases where you simply have an email list you send a weekly newsletter to. Unless you are 100% certain that none of the subscribers is an EU citizen, you had better make sure you are GDPR compliant.
How Can GarbleCloud Help You
In a world where data is a pricey currency, and different regulations make it all the harder for businesses to navigate local and international waters, we at GarbleCloud have made it our mission to make this tricky process as seamless as possible. Thanks to our innovative approach to cloud management, we are happy to make your transition to GDPR as smooth as a single click.