What is the GDPR?
The GDPR is a comprehensive protection regime for personal data in the European Union (EU) that affects EU businesses and organisations as well as some outside the EU.
Because the GDPR governs the processing (collection, use and disclosure) of the personal data (any information relating to an identified or identifiable human being) of individuals based in the EU, businesses and organisations located outside the EU can also be subject to it!
When does it become applicable?
From 25 May 2018 onward.
Why should I be subject to the GDPR?
The GDPR must be complied with by all non-EU companies whose data processing activities relate to:
- the offering of goods and services to persons in the EU, irrespective of whether a payment is required or not (e.g. storing data on a server);
- the monitoring of persons' behaviour taking place within the EU (e.g. web tracking via cookies or social plug-ins).
In addition, transfers of personal data from the EU to a non-EU country/business are only allowed if:
- the European Commission decides that the specific non-EU country ensures an adequate level of protection of the personal data transferred. The Commission has indirectly indicated that, to date, none of the SEA countries ensures an adequate level of protection of personal data;
- the transferring organisation has put appropriate data protection safeguards in place; or
- one of the narrow exception clauses of the GDPR applies.
The European General Data Protection Regulation ("GDPR") Health Check
The same principle applies to data transfers from one non-EU country (to which EU data was transferred) to another non-EU country.
What are the practical impacts on my business?
Non-EU businesses/organisations subject to the GDPR have to meet several obligations, including:
- keep track of all consents given by individuals, including those of existing clients/contacts/prospects etc.;
- appoint a GDPR data protection officer;
- put in place group binding corporate rules or contractual clauses when they receive EU personal data;
- if required, appoint a representative in the EU.
Any sanctions?
Yes: administrative fines may be imposed in case of non-compliance (up to EUR 20 million or 4% of annual group turnover, whichever is greater).
Not sure whether the GDPR will impact or apply to your business? Contact us for a GDPR 'health check' and we will help you find out. Our one-time fee for a 'health check' is EUR 150 excluding GST and disbursements/office charges.
Your Contacts
Rumyana Prodanova
Associate
Luther Corporate Services Pvt. Ltd., India
Phone: +91 9599 0508 71
rumyana.prodanova@luther-services.com

Nishi Baranwal
Associate Director
Luther Corporate Services Pvt. Ltd., India
Phone: +91 9599 0508 74
nishi.baranwal@luther-services.com