What is GDPR?

The European Union (EU) passed the General Data Protection Regulation (GDPR) in order to provide internet-users a clearer picture of what personal information and data is being stored and collected. GDPR will take effect on May 25, 2018, and is considered to be the first major change to digital privacy laws since 1995 and will replace the Data Protection Directive currently in place1.

Why is there a new regulation?

The purpose of the regulation is to ensure consumers are aware of how their information is stored when browsing the internet, and force businesses to better protect the online privacy rights of their consumers2. GDPR includes some major ramifications for companies collecting data through websites on EU customers and visitors, as well as those who employ people abroad. Ramifications could be the larger of 20 million euros, or 4 percent of the company’s annual revenue.

Who will this impact?

Although an EU regulation, penalties apply to all countries that collect any type of data on those in the EU. Failure to comply could result in a hefty fine and failure to pay the fine may result in the inability to do business throughout the EU.

Yes, I would like to receive HR news and best practices from XcelHR

The countries that this will affect are EU member states and the UK3. EU member states are4:

Austria

Belgium

Bulgaria

Croatia

Cyprus

Czech Republic

Denmark

Estonia

Finland

France

Germany

Greece

Hungary

Italy

Latvia

Lithuania

Luxembourg

Malta

Netherlands

Poland

Portugal

Romania

Slovakia

Slovenia

Spain

Sweden

Download the white paper to learn how to keep your business compliant.

GDPR infographic

*Not to be taken as legal advice

1Rigg, Jamie. “EU Approves Stricter Data-Protection Rules.” Engadget, 14 July 2016,

 www.engadget.com/2016/04/14/eu-data-protection-rules/.

2“Digital Single Market – Stronger Privacy Rules for Electronic Communications.” European Commission , 10 Jan. 2017, europa.eu/rapid/press-release_MEMO-17-17_en.htm.

3Theeuwes, Bert, et al. “EU: One Employee in Europe Could Trigger New EU Data Protection Obligations.” Society for Human Resource Management , 22 May 2017,

 www.shrm.org/resourcesandtools/legal-and-compliance/employment-law/pages/eu-one-employee-data-protections.aspx.

4https://europa.eu/european-union/about-eu/countries/member-countries_en

5Sayer, Peter. “EU Gives Companies Two Years to Comply with Sweeping New Privacy Laws.” PCWorld, IDG News Service, 14 Apr. 2016,

 www.pcworld.com/article/3056702/eu-gives-companies-two-years-to-comply-with-sweeping-new-privacy-laws.html.