What is the GDPR?
GDPR is a piece of legislation that was approved in April 2016. It went into effect in May of 2018. It replaces a previous law called the Data Protection
Directive and is aimed at harmonizing rules across the 28-nation EU bloc. The aim is to give consumers control of their personal data collected by companies.
Not only will it affect organizations located within the EU, but it will also apply to companies outside of the region if they offer goods or services to,
or monitor the behavior of, people in the bloc.
(CNBC, Arjun Kharpal, MAY 25 2018, https://www.cnbc.com/2018/03/30/gdpr-everything-you-need-to-know.html)
Why should you be compliant?
As a U.S.-based small business owner, getting ready to comply with the General Data Protection Regulation (GDPR) may not be at the top of your to-do list.
Small business owners may think that the GDPR applies only to large, global companies that conduct business overseas, not to companies with fewer than 250 employees.
GDPR is one of the largest and most far-reaching global data privacy laws—and all businesses need to be GDPR-compliant with processes and documents in place.
This new data protection law goes into force May 25, 2018 and will apply to all companies handling the consumer data of citizens within the European Union (EU), no matter the size,
industry or country of origin of the business.
Punishment for non-compliance
An organization in breach of GDPR laws will be fined up to 4 percent of annual global turnover or 20 million euros ($24.6 million), whichever is bigger.