The EU GDPR (General Data Protection Regulation)
What is the GDPR?
The EU GDPR (General Data Protection Regulation) superseded the Wet bescherming persoonsgegevens, the previous Dutch personal data protection act, on 25 May 2018. The GDPR brings a 21st-century approach to data protection. It expands the rights of individuals to control how their personal information is collected and processed, and places a range of obligations on organisations to be more accountable for data protection.
The GDPR also gives member states limited opportunities to make provisions or derogations for how it applies in their country. The Regulation was transposed into Dutch law via an implementation bill, the Uitvoeringswet Algemene verordening gegevensbescherming (UAVG).
GDPR – an ongoing compliance journey
25 May 2018 was just the beginning – the GDPR requires clear evidence of an organisation’s ongoing commitment and compliance efforts. If you are already GDPR compliant, you must ensure going forward that your data protection practices remain appropriate for addressing any emerging privacy and security risks.
If you have not yet started your GDPR journey, you should prioritise tackling those areas where a lack of action leaves your organisation exposed. Where an infringement occurs, demonstrating you have made a start could help reduce potential penalties. Speak to an expert today to find out more about the key steps to GDPR compliance.
The business benefits of the GDPR
Watch our short video where Alan Calder, IT Governance Founder and Executive Chairman, answers the important questions surrounding the EU GDPR and how it affects businesses in the EU.
While the GDPR may be complex and challenging, there are business benefits to be gained from compliance:
- Build customer trust
- Improve brand image and reputation
- Improve data governance
- Improve information security
- Improve competitive advantage
The GDPR defines personal data as any information, in any format, that can directly or indirectly identify a natural person. Examples of personal data include:
- Email address
- IP address
- Location data
- Online behaviour (cookies)
- Profiling and analytics data
The Regulation places much stronger controls on the processing of special categories of personal data. The inclusion of genetic and biometric data is new.
Special categories of personal data
- Political opinions
- Trade union membership
- Sexual orientation
- Health information
- Biometric data
- Genetic data
Which organisations does the GDPR apply to?
The GDPR applies to all EU organisations – whether commercial business, charity or public authority – that collect, store or process EU residents’ personal data, irrespective of nationality. Organisations based outside the EU that offer goods or services to EU residents, monitor their behaviour or process their personal data are also subject to the GDPR.
Service providers (data processors) that process data on behalf of an organisation (data controller) come under the remit of the GDPR and will have specific compliance obligations. An example might be an organisation that processes your payroll or a cloud provider that offers data storage.
Find out how your organisation can start its journey to becoming GDPR-compliant today.
The key elements of the GDPR
GDPR enforcement and penalties
The GDPR has attracted media and business interest because of the increased administrative fines for non-compliance.
The administrative fines are discretionary rather than mandatory; they must be imposed on a case-by-case basis and must be ‘effective, proportionate and dissuasive’.
There are two tiers of administrative fines that can be levied:
- Up to €10 million, or 2% of annual global turnover – whichever is higher.
- Up to €20 million, or 4% of annual global turnover – whichever is higher.
The fines are based on the specific articles of the Regulation that the organisation has breached.
How IT Governance can help you get GDPR-ready
IT Governance, a leading global provider of IT governance, risk management and compliance solutions, is at the forefront of helping organisations globally address the challenges of GDPR compliance.
Browse our range of comprehensive solutions, services and products to help you meet your GDPR compliance objectives.
Free GDPR resources
Staff awareness training
Compliance toolkits and software
Speak to a GDPR expert
Please contact our GDPR team for advice and guidance on our products and services