The GDPR (General Data Protection Regulation) is a set of measures issued by the European Commission that aims to protect the personal data of EU citizens. These measures will take effect from May 2018.
If a breach occurs, your company could face fines of up to 20 million EUR or 4% of your annual turnover.
The GDPR applies to any organization that is established in the EU and that collects, stores or processes personal data of EU citizens, regardless of its physical presence on EU soil. The GDPR targets all types of organizations, regardless of their size (SMEs, large companies, start-ups) or their legal status (Limited Company, etc.).
Personal data shall be "accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay" (Regulation on GDPR, Official Journal of the European Union).
The processor needs to take every measure to "ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services" (Regulation on GDPR, Official Journal of the European Union).
In accordance with the accountability principle, "the controller shall be responsible for, and be able to demonstrate compliance" (Regulation on GDPR, Official Journal of the European Union).
As a processor of data, you need to inform the data subject, in a transparent and intelligible way, about the objectives pursued by the data processing and storage. You will need to justify the use of every piece of data collected in a document (terms and conditions).
If you need more information about GDPR compliance and the solutions we can provide for your company, let us know that you would like to be contacted.