The General Data Protection Regulation (GDPR) is a regulation by the European Commission intended to unify and bolster data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The main focus of the GDPR is to allow EU citizens and residents to regain control over their personal data and to make the regulatory environment less complex for international business by unifying the regulation within the EU. The GDPR will replace the data protection directive from 1995. The regulation was adopted on 27 April 2016 and is enforceable from 25 May 2018 after a two-year transition period. Unlike a directive, it does not require national governments to pass any enabling legislation; it is directly binding and applicable.
The regulation applies where the data controller, the processor, or the data subject (person) is based in the EU. It also applies to organizations based outside the EU if they collect or process personal data of EU residents. According to the European Commission, personal data is defined as any information relating to an individual, whether it relates to his or her private, professional or public life. This includes (but is not limited to) a name, a home address, bank details, a photo, an IP address, an email address, posts on social networking platforms and medical information. The regulation does not apply to the processing of personal data for national security activities or law enforcement. Note, however, that the data protection reform package contains a separate Data Protection Directive for the criminal justice sector and police that provides a robust set of rules on personal data exchanges at the national, European and international levels.
Sioure Enterprise offers compliance services and will review your company's compliance with the EU GDPR.
The proposed new EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover.