EU GDPR implications

EU GDPR implications outside the European Union exist – find out about them here

What is the European Union General Data Protection Regulation (EU GDPR) and what are the implications for organisations that are not based in the European Union?

The EU GDPR is a new privacy and data protection law which was approved by the European Parliament and the Council of the European Union in April 2016. It is being adopted by all countries in the EU without additional legislation being required in EU member states. The EU GDPR will become effective on 25 May 2018 and applies to all members of the EU (27 countries post-BREXIT). The United Kingdom has also indicated its intention to comply post-BREXIT.

The scope of the EU GDPR is global as far as the processing of personal data of EU citizens is concerned. That means any organisation operating anywhere in the world can find itself subject to enforcement action by a regulatory authority based in the EU. This also opens the door to a variety of other actions being taken by interested parties, such as civil damages claims. Penalties for organisations failing to comply with the GDPR provisions can be as high as 4% of global revenues, whether the organisation is acting in the role of controller (responsible party) or in the role of processor (operator or third party).

The risks of non-compliance with the EU GDPR may not be well understood by your organisation. That’s where we can help. We have a methodology, tools, techniques, products and services to help you in your journey to EU GDPR compliance.

We have provided this advice on our POPI Solutions website because POPI compliance preparation initiatives also need to assess whether it is necessary to address EU GDPR requirements. Both laws are privacy and data protection laws, and there are similarities and differences between them. We can help you in identifying these and in taking appropriate action.

You can start to understand the EU GDPR better by downloading the documents on this page.

EU GDPR

EU Directive 2016-680

A29 DPWP Guidelines on Data Protection Officers

A29 DPWP Guidelines for identifying a controller or processor’s lead supervisory authority

A29 DPWP Guidelines on the right to data portability

IACT-Africa EU GDPR Compliance Methodology v1.0

Download all of the above as a zip file below:

EU GDPR Documents as a zip file

For more information about GDPR and how we can help you, please click here to contact us.