Data processors, regardless of whether they are based inside or outside the EU, have been given until May 25, 2018, to switch to a data processing method that complies with all the requirements and standards set out in the General Data Protection Regulation (GDPR). The GDPR is a forceful, coherent framework for data protection in EU states. This reasonably strict set of obligations needs to be observed by nearly every organization processing personal data.
Does the GDPR Apply to your Organization?
The GDPR applies to all companies processing the personal data of individuals residing in the EU, regardless of the company’s location. We described what this means in practice in an earlier blog post about the GDPR. Most international organizations will have to be compliant. Medium-sized and bigger international organizations that do not have to comply with the GDPR will be rare.
Furthermore, the GDPR’s scope of personal data is very broad. Personal data is any information relating to an identified or identifiable person. A person is considered identifiable if he can be directly or indirectly identified.
This is already the case when an identifier is used. Examples of identifiers are a name or an IP address.
All personnel dealing with customer data will need to be aware of their responsibilities. This is especially true for Privacy Officers, Compliance Officers, Security Officers and Business Continuity Managers.
How to be GDPR Compliant
In the coming months, there are plenty of challenges ahead. We can only advise you to draw up a sound strategic plan. Develop in-house connections with people who can provide you with partial assistance. Produce a realistic and pragmatic project plan.
The white paper “Data Protection – Compliance is a Top-Level Sport” gives more advice about GDPR compliance. It is written by Renate Verheijen, Legal & HR Counsel at Madison Gurkha. She maps out the consequences of the GDPR and guides you through the tests and trials that lie ahead. Find out how you are doing and what steps you need to take by downloading this white paper about GDPR compliance.