Lee & Schwerbrock
German Law Firm
On May 25th 2018, the EU's General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, will enter into force. The intention of this EU regulation, adopted by the EU Parliament in April 2016 with a transition time of 2 years, is to harmonize data protection regulations across the entire European Union, strengthen individual privacy rights und provide powerful enforcement and sanction measures against misuse of personal data.
Which companies will be subject to the GDPR?
GDPR will also apply to companies located outside of the EU if they offer goods or services to the EU and do process and/or hold the personal data of individuals residing in the European Union, regardless of the company’s location.
What is “personal data” under the GDPR?
“Personal data” can be any information related to a natural person that can be used to directly or indirectly identify the person. “Personal data” under the GDPR can be anything from a name, a photo, an email address, bank details, posts on social media, medical information, or even a computer IP address.
How to comply with the GDPR?
As first step, a company must carefully evaluate what kind of personal data they may collect at any time within their business operations and how this data is processed within the company. Document the personal data that you hold, where it came from, and who you share it with. Depending on this assessment, some of the following measures may be necessary for compliances with the GDPR:
The above listed measures are only examples and are neither conclusive nor do they apply to every company in the same way.
What penalties does a company risk under the GDPR?
In case of first-offenses or non-intentional noncompliance, the GDPR provides low level sanctions as a written warning or data protection audits. For repeated offenses or misuse on international level, fines up to 20 million euros or four percent of a company’s annual worldwide turnover, whichever is higher, are possible.
©2018. All rights reserved. Information contained in this website is for reference purpose only and is not intended to constitute legal advise on specific matters. Should there be any specific legal issue, please consult with our attorneys.