Page 61 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
Do I Need to Be GDPR Compliant?
By Jason Wang, CEO of TrueVault
GDPR (the EU General Data Protection Regulation) is a new law regulating the processing (collection and use) of
individuals' personal data, which came into effect on May 25, 2018.
If you are covered by GDPR, then not only will your customers expect you to be compliant, but your
business partners may require it as a condition of their contracts. Moreover, the fines for breaching the
Regulation are harsh, going up to €20,000,000 or 4% of your global annual turnover (whichever is higher).
With that in mind, it is important to know whether you are within its scope.
Data Controllers and Data Processors
To start with, GDPR applies to people and organizations which act as data controllers and data
processors:
- Data controllers decide the purposes and means of processing personal data: they determine why and
  how the data is processed.
- Data processors process personal data on behalf of, and on the instructions of, data controllers.
  This could include subcontractors, for example.
GDPR will cover any organization which keeps a customer or membership list, or information about its
employees. Therefore the vast majority of organizations will be affected, as long as they have dealings
with the European Union.
Dealings with the European Union
GDPR was created by the European Union to protect its citizens, and so it only affects organizations with
some kind of relationship with the EU or its people. That said, it does not only apply to companies based