End-to-end GDPR compliance with Camelot
How serious is this topic for your organization?
The new EU data protection regulation implicates compliance efforts for every organization worldwide handling personal data of individuals residing in the EU. Massive revenue-based sanctions will be imposed on companies that not fully adhere to GDPR by May 2018. The clock is ticking and as few as 3% of companies from Germany indicate to be fully prepared for GDPR. Hence, there is a pressing need to start the adjustment program.
Which companies and data are hit by GDPR?
The new law applies to natural persons residing in the EU in relation to processing of their personal data by data controllers and data processors. Regulation completely prohibits processing of data revealing personal ethnic origin, believes (political religious), health (biometric, genetic) and orientation.
Personal data enables to identify the person or indirectly by reference to an identifier, such as: name, address, bank details, personal ID number, IP address, etc.
GDPR applies to all companies processing data of the EU residents, regardless of the location of the company. Additionally, GDPR imposes a list of requirements not only on data controllers (commercially making use of the personal data, e.g. search engines or online stores) but also on data processors (handling of data on behalf of data controllers, e.g. cloud providers, shared service centers).
How does GDPR affect your company?
The following section will present a brief summary of the key changes of the new regime and their impact on organizations. For the exhaustive version refer directly to the regulation text.
The local supervising authorities will be put in charge to monitor the compliance with GDPR. They are allowed to conduct on-site data audits, issue public warnings and most importantly impose financial sanctions on companies not fully adhering to the new law. Fines are set to be as high as 4% on annual turnover of the entire business group or €20 million, whichever higher. Moreover, private claims for material and non-material damages will be simplified.