The General Data Protection Regulation (GDPR) is a series of privacy and security laws which came into effect on May 25th 2018.
After four years of preparation and deliberation it was passed into law by the European Union (EU), and sets out the obligations and responsibilities for any organization, anywhere in the world, which collects data on citizens of the member states of the EU. It replaces the previous Data Protection Directive (95/46/EC) of 1995.
The legislation received significant attention because violations of these data protection laws can potentially result in punitive fines for large corporate bodies. The new GDPR is a regulation where it’s predecessor was merely a directive. With potential fines of 2% of revenue, violations could run to tens of millions.
The full legislation is extensive, this resource has been created as an easily digestible guide to the GDPR for business owners who need and understanding of this legislation, and how it affects them.
Whilst the legislation is specific to the European Union, it will impact any business with customers or potential customers in any EU state.