People are starting to complain about GDPR overload. The emails, webinars and articles about it are coming in from left and right. Sometimes they are so absorbed in the detail that it is hard to know what practical steps your company should actually be taking on GDPR. I wrote the book “GDPR - Fix it Fast! Apply GDPR to Your Company in 10 Simple Steps” (available in the UK on Amazon here and at Waterstone's here, and here in the US) to solve this problem.
This article sets out some of the basics on GDPR.
Which companies does it apply to?
GDPR applies to all companies in the EU that process personal data.
GDPR also applies to all companies outside the EU that offer goods and services to people in the EU.
For example, a US company that markets and sells its shoes to UK customers is caught by GDPR.
Equally, an Australian company that offers an online dating service to French customers is also caught.
Those £17m/$17.7m fines – What do I need to know?
The maximum fine for breach of GDPR is 4% of global annual turnover or 20 million euro (whichever is higher). These fines will usually relate to a breach of a data subject’s rights or any of the basic GDPR principles.
There is a lower tier of fines of 2% of global annual turnover or 10 million euro (whichever is higher) for administrative breaches.
Article 83 of GDPR says the fines must be “proportionate” to the GDPR breach.
What are these new rights I keep hearing about?
There are numerous data rights set out in Articles 12-23 of GDPR. These give you new powers, such as the potential to have embarrassing posts erased from social media, or to transfer all your details from your old mortgage provider to your new mortgage provider.
These could merit a separate article, so let me introduce you to two of them today (there are more details in my book here).