The General Data Protection Regulation (the “GDPR”) has been in the news a lot in 2018, so we thought it would be a good opportunity to take a look at the regulation itself here on the blog and discuss its potential impact on organizations around the world.
This post is designed to answer some common questions about the GDPR and set the stage for our next post in the series, where we’ll look at key aspects that organizations should consider when choosing a software vendor. Let’s start at the top with some fundamental questions.
What is the GDPR?
The GDPR is an EU law on data protection and privacy that applies to the processing of personal data of data subjects. The GDPR, passed by the European Parliament in May 2016, went into effect on May 25th, 2018, following a two-year transition period. The GDPR fundamentally changes the way that businesses and public-sector organizations are expected to handle customer and constituent data—placing an emphasis on the privacy of the individual and establishing harsh sanctions for those organizations that fail to comply.
What kind of data is impacted by the GDPR?
The GDPR applies to any organization that controls or processes personal data of EU data subjects—regardless of where an organization has physical operations. Personal data, the subject of the GDPR, is defined by the European Commission as any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Why is the GDPR relevant to your business?
The GDPR impacts a wide variety of organizations, ranging from social media platforms to retailers and government bodies. The GDPR brings about big changes and represents the imminent evolution of the existing regulatory environment. Many of the principles outlined in the GDPR are industry best practices that have now been codified into law.
The GDPR will have a broad impact on the global business environment, helping to establish new norms around data privacy and protection and threatening fines for those organizations that fail to comply. In fact, financial penalties for GDPR violations can be quite severe—up to the greater of €20 million or 4% of annual worldwide turnover for the year before. To learn more about the GDPR, visit the official EU information site. To learn about key changes under GDPR, visit the GDPR Key Changes page.
Now that you have some basic information about the GDPR and how it will affect your business in the years to come, be sure to read our next post in this series for the key considerations for selecting a software vendor with an eye towards long-term GDPR compliance.