The GDPR, or in full the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) is the new Regulation accepted in 2016, and coming into force on May 25th, 2018 and dealing with data protection of data related to natural persons.
The scope of the GDPR ensures this doesn’t only affect companies based in the EU, but all those who (want to) do business in the EU.
Compared to previous national regulations in Europe, the GDPR has high maximum fines, set at € 20M or 4% of worldwide annual group turnover, whichever is higher.
In addition it gives data subject the right to claim financial and non-financial damages, and has increased reporting requirements for breaches, which may lead to reputation damage.
How is it enforced?
The GDPR is enforced through national, or in some cases state authorities (Data Protection Authorities) who are the point of contact for complaints and may do announced or unannounced audits. Data Subjects have the right to complain if they feel mistreated, which may trigger an investigation.
We can help you become GDPR compliant. Contact us and we will be in touch soon to discuss your specific GDPR compliance situation.
Alternatively to filling out the form on the right, you can call us at: +49 (0)30 5490 8661