The GDPR not only applies to organizations located within the European Union (EU) but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
WHAT IS GDPR?
The General Data Protection Regulation (GDPR) was as a result of updating the EU Data Protection Directive 95/46/EC. The GDPR adds new obligations to data processors and data controllers, including those based outside of the EU. The law aims to give citizens more control over their data and to create a uniformity of rules to enforce across the continent.
If you conduct business worldwide, specifically with those in the EU, you are held to this new regulation.
It is important that all business are aware of these new requirements and prepare for the May 25, 2018 deadline. Any infringement can lead to fines of up to 4% of annual worldwide turnover or €20 million