The General Data Protection Regulation (GDPR) is a law that affects all businesses that process personal data of EU citizens. The law was designed to give people more power over their data, and give regulators more enforcement powers. There are severe penalties for non-compliant organisations, which is why many companies are trying to get ready before the deadline on May 25th 2018. In this article we’ll be looking at how GDPR will affect IT service providers specifically, whether or not they need to comply with the regulation and what they can do if they do need to comply with GDPR.
The General Data Protection Regulation (GDPR) is a law that affects all businesses that process personal data of EU citizens.
The GDPR is designed to give people more power over their data, and it will affect how IT services companies operate in the EU.
The GDPR was adopted in April 2016 and came into effect in May 2018. It replaces two previous regulations: Directive 95/46/EC and Directive 2002/58/EC. It applies to all organizations located within the European Union or processing data about people who reside there, even if they’re not based in Europe themselves, and requires them to comply with strict regulations around collecting, storing, managing and using personal information.
The law was designed to give people more power over their data, and give regulators more enforcement powers.
The General Data Protection Regulation (GDPR) is a law that protects the privacy of EU citizens.
One of the main goals of GDPR is to make it easier for people to access and delete their data. The law also requires organizations processing personal information to do so in a transparent manner, so that individuals understand why their data is being collected and how long it will be kept.
There are severe penalties for non-compliant organisations.
Under the GDPR, organisations can be fined up to 20 million euros or 4% of their annual global turnover (whichever is higher). This means that companies need to be compliant with the GDPR in order to avoid financial penalties.
If you’re still unsure about how your organisation can be affected by these regulations, here are some examples of how other companies have been penalised for not being compliant:
- Google was fined $57 million for breaking a data protection law in Spain. It was found guilty after failing to delete private user information from its Street View service and then lying about it when asked by Spanish authorities.
- Facebook was fined $122 million after allowing Cambridge Analytica access to user data without consent from those users; this led to many people who used Facebook during this period (and possibly even more) being targeted with personalized ads based on their online activity, regardless of whether those ads were politically motivated or not!
GDPR and the IT service industry
The GDPR is a regulation, not a directive. This means that all businesses that process personal data of EU citizens are required to comply with it.
The GDPR is designed to give people more power over their data and protect them from having their information mishandled or stolen by third parties. Personal information includes names, addresses, photos and more: anything that could be used to identify someone offline (like their credit card number).
What does the GDPR mean for IT service companies?
The GDPR will affect how IT service companies operate in the EU, but not all companies need to comply with it. The law is complex and it is important to understand it and determine if you are required to comply with it.
If your company processes data from individuals in an EU country, then you must comply with the GDPR if any of those individuals live or work there.
This means that if you have employees based in Europe or customers who live or work there, then your business could be subject to this new set of rules on data protection, even if its headquarters are located outside of Europe!
GDPR will affect how IT services companies operate in the EU, but not all companies need to comply with it.
An IT service company is any business that provides “information society services,” which includes providing software or hardware solutions and hosting websites. For example: if you hire someone to set up your email account, manage your website or develop an internal HR app for your employees, you are engaging an IT service provider.
Companies that provide these types of services need only comply with GDPR if they have customers who are located within Europe (even if they’re based elsewhere). If a company doesn’t have any European customers, then it doesn’t have any obligations under GDPR unless it decides to voluntarily adopt some aspects of it anyway, like keeping records of personal data breaches and so forth.
Conclusion
GDPR is a complicated law and it will take time for companies to get their systems in order. But if you’re a small IT service provider who deals with EU customers, then you should definitely start preparing now!