Introduction
In this article we give an overview of the main changes introduced by the new GDPR (General Data Protection Regulation). The aim of the GDPR is to protect the privacy of all EU citizens, since the general structure of information collection has changed considerably since the first directive was established in 1995.
The key principles of data privacy remain faithful to the previous directive, but many regulatory policy changes have been proposed:
What is the GDPR?
Broader territorial scope (extraterritorial applicability)
The GDPR now applies to all companies that process personal data of individuals residing in the European Union, regardless of the location of the company.
The GDPR makes its applicability very clear. It will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.
The GDPR will also apply to the processing of personal data of individuals in the EU by a controller or processor not established in the EU. These activities relate to offering goods or services to EU citizens (whether or not payment is required) and to behavioural monitoring that takes place within the EU.
Non-EU companies processing EU citizens' data will also have to appoint a representative in the EU.
Sanctions
Organisations that breach the GDPR can be fined up to 4% of annual global turnover or €20 million. This is the maximum fine that can be imposed for the most serious breaches.
Examples include not having sufficient customer consent to process data or violating core privacy concepts. There is a tiered approach to fines. For example, a company can receive a 2% fine for not having its records in order (Article 28), without notifying the supervisory authority and the data subject.
It is important to note that these rules apply to both controllers and processors.
Consent
The conditions for consent have been strengthened, and companies will no longer be able to use broad, unreadable terms and conditions full of legal technicalities. The request for consent must be given in an understandable and easily accessible form.
Consent should be clear, using clear and simple language, and it should be equally easy to accept or withhold consent.
EU Regulation (BOE): https://www.boe.es/doue/2016/119/L00001-00088.pdf
For more information, please contact us and we can refer you to a company specialised in the new regulation.
You can also see a more updated article by clicking here.