By Natasja Bolton, Senior Acquirer Support QSA
The General Data Protection Regulation, or GDPR for short, will affect the processing and movement of the personal data of the approximately 500 million citizens populating the EU Member States. The new legislation will apply across all EU Member States from 25th May 2018.
Furthermore, the GDPR has the potential to impact globally: any company that offers goods and services to, or monitors the behaviour of, citizens of EU Member States will fall under its scope. These companies will therefore be liable for penalties in relation to non-compliance.
Under GDPR, supervisory authorities will be able to impose significantly larger fines; these fines can be imposed on both Data Controllers and Data Processors. A two-tier system will come into effect, with fines for the first tier going up to €10 million or 2% of worldwide annual turnover and fines for the second tier going up to €20 million or 4% of worldwide annual turnover.
Though these fines will have major implications for businesses, the legislation will harmonise regulation to “ensure a consistent and high level of protection of natural persons and to remove the obstacles to flows of personal data”. In replacing the 1995 Data Protection Directive, the GDPR will be directly applicable across the EU, without the need for Member States to implement national legislation.
From a legal perspective, the General Data Protection Regulation is groundbreaking, as it gives Europeans new rights and more control over the processing of their Personal Data. The EU’s reform of Personal Data protection rules is a key enabler of the Digital Single Market.
Driven by the EU’s aim to improve EU citizens’ access to digital goods and services, the Digital Single Market will update EU rules and regulations to support business growth. In turn, this should help the economy and society of Europe as a whole to benefit fully from the digital age.
The GDPR will be welcomed by businesses as it unifies Personal Data protection regulation across Europe, simplifying and updating the rules on the proper, appropriate and secure processing of Personal Data.
At Sysnet we have analysed the new regulation and prepared a simplified fact sheet that explains in plain English what the changes mean and the steps that businesses will need to take.
Sysnet has extensive experience in security and compliance. Our passion for pragmatic and innovative solutions allows us to be the thought leaders in the market when it comes to addressing such multi-layered and complicated challenges related to security. For further information or to request a call back, email email@example.com.