What is GDPR?

General Data Protection Regulation

What is the goal of the General Data Protection Regulation (GDPR)?

The GDPR is based on the fundamental right of data privacy and personal data protection. It is focused on providing better protection to all residents of the European Union by harmonising the protection of personal data in all 28 Member States. By strengthening the legal framework for the use of individuals' data, this regulation aims to boost consumer confidence in new technologies and enable the better development of the digital economy.

Who will the GDPR affect?

The scope of the GDPR, defined in Articles 2 (Material scope) and 3 (Territorial scope), is much broader than that of Directive 95/46/EC, which was implemented in October 1998. The Regulation introduces the rule of extraterritorial application of European law, and subcontractors are now directly affected by it. Previously, adherence to guidance provided by the Directive was not mandatory and each EU member state could implement it as it saw fit. However, the Regulation now applies a standard requirement to all impacted parties, regardless of location, provided that the data in question is directly related to EU residents.

GDPR in a nutshell quiz

The GDPR will require individuals to:

  • Create the role of a Data Protection Officer, responsible for managing the data protection system

  • Define data collection, data processing, storage, transfer and deletion processes

  • Create a data breach notification process

  • Obtain explicit consent from the client when collecting data

  • Strengthen a person's right to access their data and right to be removed

  • Increase awareness and conduct training on data protection for any person involved in handling personal data.

GDPR Non-Compliance consequences
Sanctions can be:

  • In the case of a minor breach: a simple reminder.

  • In the case of a more serious breach: an administrative fine. This administrative fine can reach up to 4% of a company's turnover, thus requiring constant alertness in the processing of personal data.

  • The fine will take into account the nature, seriousness and duration of the infringement as well as the intentional nature of the breach and any other mitigating circumstances.

In addition to the financial penalties, there is the risk of harming the company’s image with its clients.

Use our diagnosis tool for a high level review of your data protection practices and assessment of your level of compliance with GDPR. This tool covers the 12 key themes of the GDPR regulation:

  • Governance and Policy

  • Responsibility

  • Training

  • Customer rights

  • Privacy by design/Privacy by default

  • Storage and deletion of data

  • Security and Incident Management

  • Subcontracting

  • Impact analysis of data protection

  • Transfers

  • Statistical treatments

  • BCR/Internal business rules
