The General Data Protection Regulation (GDPR) is an EU regulation that protects the data and privacy of anyone living in the European Union, enforceable from May 25, 2018. The regulation applies to all organizations and companies, regardless of their location, that collect or process the data of EU residents. Examples of personal data include social security numbers, IP addresses, photos, names, addresses, genetic data and nearly everything else that can be used to identify an individual.
What are controllers and processors?
GDPR compliance requirements apply to controllers and processors of data. A controller is an organization that must tell consumers, in plain language, why and how it is going to process their personal information. A processor is an organization that performs the data processing on the controller's behalf. Controllers have to ensure that their processors are GDPR compliant.
What if you are not GDPR compliant?
Companies that are not GDPR compliant will face hefty fines – up to $24 million or 4% of annual global turnover, whichever is higher.
The maximum fine depends on whether the controller or processor has committed any previous violations and on the nature of the breach. There are two fine thresholds. The higher threshold is 4% of an undertaking's worldwide annual turnover or 20 million euros, whichever is higher. The lower threshold is 2% of an undertaking's worldwide annual turnover or 10 million euros, whichever is higher.
Key highlights of GDPR
Let’s take a look at the key highlights of GDPR:
- It is compulsory to comply with the regulation regardless of where your company is located or where it processes the data.
- If there is a data breach, a breach notification must be sent within 72 hours of becoming aware of the incident.
- General Data Protection Regulation makes it a legal requirement that data protection must be considered when designing a system and not as an afterthought or addition.
- Types of data that GDPR protects – basic identity information such as address, name and ID numbers; web data such as location, cookie data, IP address and RFID tags; health and genetic data; biometric data; racial or ethnic data; political opinions; sexual orientation.
- The GDPR allows an individual to request and receive their personal data and to transmit it to another data controller.
Make sure that your WordPress website is GDPR compliant before 25th May. WPLegalPages will soon be rolling out a feature that will help you with GDPR compliance. Subscribe to our newsletter and keep an eye on your inbox for further updates on the GDPR feature of WPLegalPages.