GDPR protects the personal data and data privacy of all EU residents. Personal Data means any information related to a natural person (Data Subject) that can be used to identify the person directly or indirectly: name, photo, email address, bank details, posts on social networking websites, medical information, IP address, or similar. GDPR will be enforced on May 25th, 2018. It will give consumers more rights, while obligating the service providers to implement new processes and policies.
If your company offers goods or services to, or monitors the behavior of, EU data subjects, GDPR applies to you, regardless of your company's location. If your company does not comply with GDPR, you can be fined up to 4% of annual global turnover or €20 Million, whichever is larger. Note that these penalties apply both to persons who plan the processing of personal data (Data Controllers) and to persons who process personal data (Data Processors), so using a cloud solution does not remove your obligations under GDPR. You also need to be able to prove your compliance.
GDPR is not solely the responsibility of the CIO. It also covers all personal data on paper: copies of employment contracts, paychecks, expense claims and email distribution lists. It applies to everyday work as well, such as locking the cabinets that contain documents with personal data, or verifying the identity of a customer when a delivery is being picked up, since even a parcel can contain personal data.