I recently had the pleasure of chatting with Dejan Kosutic, CEO of Advisera, a provider of documentation and online support for various international standards such as ISO, ITIL and, more recently, GDPR compliance. It’s about the hot topic of GDPR, since it is a stringent and imminent issue on everyone’s mind in the ecommerce world and beyond. Dejan, thanks so much for your time!
Let’s start with the basics: what is GDPR?
EU GDPR is an abbreviation for the European Union General Data Protection Regulation, a regulation that defines how organizations need to protect the personal data of EU citizens.
But in order to answer this question properly and put it into context, I would make a note on what we define as personal data, to know what this directive refers to.
Personal data is anything that can identify a person – e.g., first and last name, email address, ID number, credit card number, etc. However, it can also be an IP address from which a person visits a website.
When does GDPR come into effect?
GDPR was published in 2016 and it will come into effect on May 25, 2018.
Which organizations need to be EU GDPR compliant and what does it mean for them?
GDPR is applicable to all organizations that handle personal data of EU citizens – both organizations located in the EU, but also organizations outside of the EU, for instance in the United States or China. It doesn’t matter whether a company is private or government-owned, whether it is for-profit or a charity. GDPR is applicable to high-tech industries like e-commerce, and to low-tech industries like mining. If you handle personal data for people who live in the EU, GDPR applies to you.
Is GDPR applicable only to European countries, or to the entire world?
GDPR is an EU regulation, which means it is directly applicable to all 28 EU member states; GDPR allows member states to define different rules for some specifics, e.g. the minimum age at which children can provide consent without the authorization of their parents. Again, any organization that deals with the personal data of EU citizens is affected by GDPR, no matter where the organization is located.
Why GDPR, why now?
Having our personal data in digital form, in the cloud, has become a necessity in modern times. On the other hand, data breaches are becoming increasingly widespread, and more and more dangerous for our privacy, and EU lawmakers wanted to stop this trend. Basically, they wanted to eliminate one of the biggest obstacles to the development of information society and give people the confidence to continue interacting and doing business online.
What do companies and organizations need to do next?
Well – they have to comply! In other words, they have to learn what GDPR is, organize a project team and start the implementation.
Thank you so much!