The Key to Effortless GDPR Compliance with Heimdal®

What is the GDPR 

The General Data Protection Regulation (GDPR) is a European Union law enacted on May 25, 2018. It requires organizations to protect personal data and support the privacy rights of anyone on EU territory.

The regulation requires the implementation of seven data security principles and the facilitation of eight privacy rights. It also empowers data protection authorities at the member state level to enforce the GDPR through sanctions and fines.

The GDPR replaced the 1995 Data security Directive, which resulted in a patchwork of data security laws across the EU. The GDPR, approved by an overwhelming majority in the European Parliament, unites the EU under a single data protection framework.

Who must comply with the GDPR?

The GDPR applies to any entity that processes the personal data of EU citizens. "Processing" is a broad word that encompasses almost everything you can do with data: data collection, storage, transmission, analysis, and so on. "Personal data" refers to any information relating to an individual, such as names, email addresses, IP addresses, eye color, political party, etc.

Therefore, even if an organization is not connected to the EU, it must comply if it processes the personal data of individuals in the EU (via tracking on its website, for example). The GDPR also does not apply only to for-profit businesses.

What happens if you don’t comply with the GDPR 

The GDPR empowers each country's data security authorities to impose sanctions and fines on organizations that violate the law. The maximum penalty is €20 million or 4% of total worldwide revenue, whichever is greater. In addition, sanctions, such as data processing bans or public reprimands, can also be imposed by data security authorities.