The GDPR (General Data Protection Regulation) governs the management and security of personal data of European citizens.
Personal data is all data that can be linked to an individual, such as identification or contact details, passwords, financial data, medical and social data.
From May 2018, organizations (companies, foundations and non-profit organizations) must be able to demonstrate which personal data they collect, how this data is used, who has access to it, with whom it is shared and how it is protected.
With the new legislation, the EU wants to give citizens more control over their personal data.
To whom does the GDPR apply?
A common misconception is that the legislation applies only to large companies. In fact, the GDPR applies to all companies and organizations, regardless of their size, that meet one of the following criteria:
• established in the EU
• established outside the EU, but delivering goods and/or services to EU citizens
• collecting personal data and/or monitoring the behavior of EU citizens
What about non-compliance?
The consequences of non-compliance with the GDPR rules are not to be ignored. Fines vary. For example, if a company does not disclose an important data breach, does not carry out risk assessments or cannot prove that data is fully protected/managed correctly, the fine can amount to a maximum of 20 million euros or 4% of the global annual turnover.
Every company has an enormous amount of information and data. The relevance and reliability of this data are important for policy making within the company and for following a chosen business strategy.
But now, more than ever, security and management of this data are also an issue.
We can explain the importance of the GDPR for your company and summarize and guide its implementation in a step-by-step plan.