GDPR: one of 2018’s buzzwords. You’ve probably heard about it at this point, but maybe you’re still asking yourself why you should care (especially if you’re not in the European Union) and how you can get ready for it. If that’s the case, this post if for you!
Of course, please take this as legal information and not legal advice. If you have any questions GDPR, send me an email at info@artylaw.ca.
What is GDPR exactly?
The General Data Protection Regulation (better known as GDPR) is the new data protection law that will be governing the European Union. It was introduced as a response to the digital economy, which is currently heavily based on consumer information. The GDPR will come into effect on May 25th, 2018.
Does it apply to me (or for a lack of better words “why should I care”)?
The interesting thing about GDPR is that its application is not territorial. It applies to any business that holds data about an EU citizen. Yes, this means that regardless of where you are in the world, if you have customers or users in the EU, their data needs to be handled in compliance with the GDPR.
What are the risks behind non-compliance?
The GDPR has two distinct levels of fines. The first level consists in fines up to 10 million euros or 2% of a company’s annual global turnover. The second level consists of fines up to 20 million euros or 4% of a company’s annual global turnover. Every fine level is for a different set of violations and a series of criteria such as the nature, gravity, and duration of the infringement will be taken into consideration when deciding whether to impose a fine or not.
How can I get ready for GDPR?
Getting ready for GDPR is a journey that needs to be started as early as possible. Of course, the steps that need to be taken are far too numerous to be discussed in this blog post, but here are a few things you should be looking into.
The first thing you should be doing is assessing what kind of data you hold about your users, where it comes from, as well as any third-parties you are currently sharing this data with. You should also assess your current handling of the data (how it is stored, how quickly you can respond to users who want their data deleted, etc) and compare it with current GDPR requirements to find any gaps in your process.
Revisiting your privacy policy is also, amongst other things, something you will have to do, as the GDPR is all about transparency.
The GDPR is a long and complex law that should not be navigated alone. If you’re worried about being GDPR compliant in time for the deadline, you should be including a legal counsel in your efforts.
If you have any additional legal questions you would like to ask me regarding GDPR or if you need any assistance with being GDPR compliant, do not hesitate to send me an email at info@artylaw.ca or click on the link below to schedule a consultation.
