
Who Does GDPR Apply to?


In this post, we’ll highlight some of the main themes of the General Data Protection Regulation (GDPR) to assist establishments in understanding the new legal framework concerning individual privacy rights. This set of laws comes into effect on 25 May 2018 and applies to any organization that handles personal data of people living in the European Union (EU). The regulation defines data privacy, sets out how to determine whether an organization is adhering to it, and lays down the consequences of non-compliance, which include significant financial penalties. You can get more information on GDPR now.

Although there may be a notion that GDPR only applies to organizations based in the EU that process personal data, the truth is that it also governs organizations outside the EU that target or monitor data of EU citizens. This may be either through providing goods and services to data subjects in the EU or by checking the trends of EU data subjects, whether as clients, prospective clients, or employees.

With numerous organizations and services running across borders, worldwide uniformity around data protection regulation and rights is critical to firms, organizations and individuals alike. The role of the Information Commissioner’s Office (ICO) has always involved working closely with regulators in different jurisdictions, and it will always be that way. Having specific regulations with safeguards in place is more essential than ever in the increasingly growing digital economy. Therefore, the question is, who does GDPR apply to?

Controllers and processors have to comply with the GDPR. The definitions are generally the same as under the DPA: the controller says why and how personal data is processed, and the processor acts on behalf of the controller. If you are at present subject to the DPA, there is a probability that the GDPR will also apply to you. For processors, the GDPR puts in place precise legal requirements. For instance, you must maintain records of personal data as well as records of processing activities. You will have considerable legal liability if you are responsible for a breach. On the other hand, controllers remain subject to their own duties where processors are involved. The GDPR applies to processing done by EU-based organizations as well as by establishments beyond the EU that provide goods or services to consumers in the EU.

In addition to that, various types of information are also subject to GDPR. Personal data, as well as sensitive personal data (special categories of personal data), will be subject to the laws. According to the GDPR's definition, any information that includes online identifiers such as an IP address qualifies as personal data. On the other hand, sensitive personal data includes biometric data as well as genetic data, where the information is processed to uniquely identify a person. Find out more here: https://en.wikipedia.org/wiki/Database.