WHAT IS GDPR?
The General Data Protection Regulation, or “GDPR”, is a piece of legislation adopted to replace the current 1995 Directive. The GDPR had a 2-year transitional period ending on the 25th of May 2018. By that date, all affected organisations need to have implemented the measures regarding the protection of personal data.
The GDPR marks the beginning of a new era in personal data protection within Europe, mainly for 2 reasons. First, it is a Regulation and not a Directive, meaning that member states are required to implement the law on a unified basis, thereby creating a “one continent one law”. Second, it introduces hefty fines, which highlight the importance of controlling and/or processing personal data of EU data subjects.
What makes the GDPR even more powerful is that it is perceived as a global data protection law as a result of its extraterritorial scope. This represents a significant expansion of EU data protection obligations to cover all processing activities relating to EU-based data subjects. Thus, almost any organisation (whether or not it is physically present within the EU) will fall within the remit of the GDPR where it has access to or control of personal data on EU data subjects.