GDPR Takes Effect on May 25

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in the European Union (EU) that aims to improve data protection and privacy for individuals.  GDPR takes effect on May 25, 2018.

How does GDPR effect me and my business?
GDPR specifies rules for using information about a user.  It says you must have the user’s permission to use or save information about them.  You must disclose what information you are collecting, why you are collecting it, how long you intend to retain it, and who, if anyone, you are sharing it with.  Users have the right to request a copy of the data and may request that the data be deleted.  It also says that if the information you have stored, on a computer paper, or any medium, is hacked or stolen you must let your users know within 72 hours.

How do I know if the GDPR applies to me and my business:
GDPR applies in 3 cases:
1. If the user is based in the EU
2. If you or your business is based in the EU
3. If your data processor is in the EU.  This means that the service processing the data, for example, your web hosting service or any software you use to capture client information, is from a company based in the EU.

What are the penalties?
If you are found to be in breach of the rules you can be fined 20M euros or 4% of your global revenue.

Let us know if you have any questions about GDPR.