GDPR became enforceable on 25th May 2018. To ensure compliance, any company involved with the collection of personal data needs to make significant changes to the way it collects, processes or documents that data. Whereas some privacy tools and procedures were previously seen as good practice, they are now legally required. Fines for non-compliance can reach up to €20m or 4% of an organisation’s group worldwide turnover.
Does GDPR apply to you? Is it just about data breaches? Are the fines insurable, and does your cyber / tech insurance policy cover them? All your questions are answered. You can read the full document here.
And don’t forget about your partners, especially if you’re a data processor. If you use sub-processors or contractors, they’ll need to comply with your contractual data protection obligations too. For more information on how the GDPR impacts data processors, view our quick guide.