DESPITE CONTINUOUSLY GROWING AWARENESS IN THE MEDIA THERE ARE STILL ORGANIZATIONS OUTSIDE OF THE EU THAT BELIEVE THAT IT DOESN'T APPLY TO THEM.
The new General Data Protection Regulation (GDPR) which is an EU regulation on data protection and privacy was announced in the global media for a long time and came into force on the 25 May 2018.
However, many organizations, especially in Asia are still not aware that the regulation does not only apply to organizations that are physically based in the EU, but also to those which are located outside the EU, if they gather and process privacy data of EU citizens, independent of the fact whether they are selling any goods or services within the EU or not, or use third parties to process customer data on their behalf.
It today's digital world it is needless to say that it doesn’t take much for this. Simply the collection of someone’s phone number, email or computer IP address via the organization’s website would be described as such case. Not complying with the GDPR could result in huge fines of up to four percent of the organization’s annual turnover, or EUR 20 million, whichever amount is higher.
Organizations should therefore not underestimate the potential risks which could result out of a non-compliance, because the year 2019 has been declared as the year of the enforcement and there are already hundreds of companies and organizations which were fined for violating the new regulation. British Airways and Marriot International are the best-known examples with GBP 183.4 million and GBP 99.2 million respectively.
To put it more simply, just a dissatisfied customer, employee, former employee or competitor, who is somehow familiar with the internal processes and policies of an organization could easily become a trigger and send an organization into financial distress and damage the company's image in the public.
We therefore support organizations and individuals to correctly understand and interpret the requirements of the GDPR and provide cost-effective solutions on how to manage their existing processes and collected data in order to achieve and demonstrate compliance with the regulation.
If you are not sure and want to know whether the GDPR is also important to your organization then don’t hesitate and talk to us today. Our experts will analyze your existing policies and guide you through the whole process step by step.