The EU General Data Protection Regulation (GDPR) took effect on May 25th, 2018. Replacing the Data Protection Directive from 1995, the GDPR changes how organizations across the region handle data privacy and creates a unified set of data privacy laws to help protect and recognize the data privacy of all EU citizens. Below, you can read some of the significant highlights from the GDPR and how these changes may affect your business.
Business Impact
Increased Territorial Scope
- The GDPR has extended jurisdiction: it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.
Penalties
- Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater).
Consent
- Companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.
Conclusion for Business Impact:
- A broader reach for what counts as a company ‘processing personal data’ in the European Union
- Higher penalties for breach of GDPR
- Need for shorter, more legible terms and conditions
For more information please visit https://www.eugdpr.org.
*The above information is extracted and simplified from eugdpr.org. Centre O is a business resource centre in Hong Kong and we provide no warranty that the information listed above is accurate, up-to-date or complete and in no circumstance does the information constitute legal advice. You are responsible for independently verifying the information if you intend to rely upon or use it in any way.