GDPR was approved by the EU Parliament on the 14th of April 2016 and was designed to harmonize european data privacy laws and obviously to protect EU citizens data privacy.
It shall be applied from the 25th of may 2018 by the affected organizations (you?), if not, they will face consequential fines.
Since the european count-down is on, to whom does GDPR apply?
- To a personal data controller or even a data processor established in the Union. The processing may take place in the Union or not. So any company established in the UE which is actually processing personal data will have to apply GDPR.
- To a controller or processor not established in the Union whose process activities are related to:
- the offer of goods and services to data subjects in the Union,
- the monitoring of these data subjects behavior within the Union.
- To a controller established in a place where a member state law applies according to public international law. Indeed, public international law can extend the application of a national data privacy law beyond its border. For instance, a member state embassy in Canada will have to apply the member state data privacy law.
So, what about you?
By Elise FLORI