The General Data Protection Regulation

What is The General Data Protection Regulation?

The General Data Protection Regulation (GDPR) is legislation passed by the European Union (EU) that will go into effect on May 25^th, 2018. In the EU, citizens’ privacy data (name, IP address, date of birth, religion, health, etc.) has to be managed in a pre-described way. Any information that can be used to trace a person is considered privacy data. Under GDPR, the EU looks at privacy in a broader context than before and the penalties for non-compliance will be higher. Some of the key tenants of GDPR include a person’s information to be forgotten and more.

How Does this Regulation Apply to US Companies?

Many companies in the US have business ties with EU citizens and may store or collect personal data from EU citizens.

What are the Penalties if a Company does not abide by the Rules of the Regulation?

Article 58 of GDPR provides the supervisory authority with the power to impose fines. Various factors are considered in imposing the fines.  There are estimates that fines could be as such or more:

• The greater of €10 million or 2% of global annual turnover
• The greater of €20 million or 4% of global annual turnover

How can Arbour Group Assist?

Although Arbour Group is not a legal firm, we can assist companies with the implementation of all the pillars of the GDPR regulations. We can also provide guidance in remaining compliant with the GDPR regulations. Arbour Group can support companies with the identification of the various privacy data in organizations and systems, consequently establishing the right processes and remediating any gaps to keep a company compliant. Arbour can also work with a company’s third-party compliance processes to address gaps in these areas.