As most people know, the EU has had the General Data Protection Regulation (GDPR) since 2018. It is a robust framework for protecting the personal data of EU citizens, and that is exactly the point that deserves more attention: it is not a law for the EU as a territory but for all EU citizens, which makes it an extra-territorial law that, in theory, must be respected by every company that stores any personal data of EU citizens.
I know what you are thinking: I am outside of the EU, so what are they going to do?
Well, they will put you on trial and fine you, depending on factors such as: (1) whether your country has a data protection agreement with the EU; (2) whether you have, or want to conduct, more business in the EU; and so on.
You might be compelled to pay the fine rather than feel the full force of EU law. While smaller companies might ignore this if they have no EU headquarters, bigger companies have already started paying fines even without EU headquarters in order to preserve their business relations and their reputation.
So, what is it that you should do to avoid this?
There are three easy steps to make sure you comply with the GDPR.
Step 1: Conduct GDPR training for staff and executives once per year.
Step 2: Perform a data audit to identify which personal data of EU citizens is being processed.
Step 3: Appoint an EU representative for communication with the authorities.
This is meant as a quick overview of the GDPR situation; expect more articles from me on this topic that go into more detail about different cases concerning the GDPR.
If you or your clients have any questions about the GDPR, you can always contact me.
Sebastian Klaus
GDPR Protection officer TÜV
Hugenottenallee 171a
63263 Neu-Isenburg (Hesse)