The law is aimed at securing EU citizens’ personal data in a standardized way. It requires companies – small businesses and enterprises alike – to comply with a comprehensive set of protection rules. It obligates them (every firm working with EU personal data, irrespective of its location) to regularly audit their data processing system and promptly report every failure and data breach.
BOLEUM fully supports the EU Parliament’s decision to strengthen data security. We have always been committed to protecting clients’ records. We consider this new regulation a force for good, and we will go out of our way to comply fully with every aspect of this landmark piece of legislation.
It puts an obligation on companies to be introspective and carefully review each procedure they have in place that concerns clients’ data. CEOs must reassess the way information is being collected and disclose to the public how each piece of data flows through their organization.
Transparency lies at the heart of GDPR and so does a user’s authority.
Companies can no longer assume consent when, for example, they want to send an email to a potential client. They can only use personal addresses (and other sensitive data) after being explicitly permitted to do so: a user must actively opt in to receive notifications, and website disclaimers, no matter how detailed, will not suffice.
Besides, EU residents have a right to have their personal information deleted permanently from all of a company’s databases.
Those failing to meet GDPR requirements might face substantial penalties. Namely, they might be forced to pay:
The severity of the penalty will depend on the nature of the infringement.
The regulators might levy a fine in an amount that is the higher of 2% of a company’s annual turnover or €10m when the non-compliance has to do with technical measures such as breach notifications.
If there is non-compliance with the core GDPR principles, say an infringement of clients’ rights or inadequate data processing, the fine amount will be the greater of 4% of a firm’s annual gross revenue or €20m.