General Data Protection Regulation
The European Union’s General Data Protection Regulation (GDPR), which comes into effect in May 2018, will be the most significant privacy legislation to impact how organizations deal with their customers’ information. Are you ready?
In April of 2016, the European Parliament, the Council and the European Commission came to an agreement on the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This regulation is intended to strengthen and unify data protection and privacy for individuals within the European Union (EU).
When the law takes effect in May 2018, global brands will face significant changes in how they approach online marketing, data protection and privacy policies. This regulation affects not only organizations that reside and operate within the EU but also any international organization whose customers reside within the EU. Whether you have one or one million customers residing within the EU, the GDPR affects you!
As a leading provider of Customer Identity Management solutions, LoginRadius is well positioned to help educate you on the details of the GDPR and to assist you in complying with its requirements. Check out the resources we have provided below to help you learn about the details of the regulation itself, the potential impacts on your business, 12 Steps you can take to prepare for the regulation and how you can meet GDPR requirements using LoginRadius’ CIAM functionality.
Frequently Asked Questions
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation passed by the European Parliament to strengthen and unify data protection for all individuals within the European Union (EU). The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify regulations for international businesses by unifying the requirements for data protection across the EU.
Who does the GDPR apply to?
The regulation applies to all organizations that process data or data subjects based in the EU. It also applies to any organizations based outside the EU if they collect or process personal data of EU residents.
When does the GDPR take effect?
The GDPR was adopted on 27 April 2016. It becomes enforceable from 25 May 2018. Unlike a directive, it does not require any enabling legislation to be passed by national governments and is thus directly binding and applicable.
What are the penalties of the GDPR?
The following sanctions can be imposed:
- A warning in writing in cases of first and non-intentional non-compliance
- Regular periodic data protection audits
- A fine up to 10,000,000 EUR or up to 2% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (Article 83, Paragraph 4)
- A fine up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (Article 83, Paragraph 5 & 6)
How can my organization prepare for the GDPR?
We have published this quick 12 Step guide on how to prepare for the GDPR. These are very basic things you should be doing today to get ready. For more information on the GDPR itself, we have a couple of whitepapers that help explain the nuts and bolts of the regulation and how it can impact your organization.
How can CIAM help comply with the GDPR?
We have an informative guide that lists the major requirements of the GDPR and shows how CIAM functionality can help you meet them. A good CIAM solution can not only help you meet GDPR compliance requirements but also help improve your customer experience, consolidate data silos into a holistic view of your customers and leverage customer insights to improve sales.