The General Data Protection Regulation, or GDPR, is a data privacy protection law for individuals within the European Union. It provides for potentially devastating fines (4% of revenue or 2 million Euro, whichever is greater). While the regulation went into effect on May 25, 2018, some of you may still be wondering: what, if anything, does my organization need to do to comply with GDPR?
Does GDPR affect my organization?
- If you have operations in the EU - Yes, GDPR applies to you.
- If you actively target and collect data on EU citizens - Yes, GDPR applies to you.
If you can answer a clear “no” to both these questions, then it’s less urgent for you to take action, but we still recommend that you begin to review your data collection and management practices with an immediate focus on whether you collect or have data on EU citizens.
Our partner, Isaac Shalev at Sage70, describes GDPR in this way:
“A good way to think about data under GDPR is to stop viewing data as property. Instead, see privacy as a right that individuals have. When individuals share data, they're not transferring ownership of the data. Rather, they're providing a license to others to use data. That license is pretty restrictive, and in most cases, it can be rescinded.”
Feel free to reach out to us at RoundTable Technology with any questions, or contact Isaac Shalev, a data consultant, at Sage70.