What is GDPR? GDPR stands for General Data Protection Regulation. It is a new European regulation that covers data protection and is aimed at improving and unifying the way personal data is currently protected. The Regulation will take effect on 25th of May 2018 and it will replace the current European Data Protection Directive.
Who does GDPR apply to? The GDPR applies to the processing of personal data of EU citizens. This means that it applies not only to EU-based organisations, but also to organisations based outside of the EU that offer goods or services to EU citizens, and to any organisation that processes the data of EU citizens.
Does this affect me in New Zealand? This will mainly affect larger companies and shouldn’t affect smaller e-commerce or informational sites, provided they are not selling to or collecting information from EU customers. If you have a website and are unsure about whether you are affected, talk to the company that manages your website for more information.
Why am I getting so many emails about “Updated privacy policies”? Most of the larger companies that provide services to customers in the EU will need to update their policies to make sure they are compliant when the new regulation takes effect. Unfortunately for people that have signed up for a lot of services, it may seem like you are getting spammed the closer we get to the 25th of May.
What if I don’t follow GDPR? What are the penalties? When GDPR is enforced, organisations that breach the regulations may be fined between 2% and 4% of their annual global turnover or up to €20 million, whichever is higher. Frequent breaches of the regulations and failure to address the issue can even result in higher fines of up to €40 million.