GDPR (General Data Protection Regulation) – Are you ready?

Here’s what every company needs to know about GDPR (deadlines, requirements, penalties…)


The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will be reinforced May 25, 2018.

Below are some relevant Frequently Asked Questions about the incoming GDPR.

*The information contained within this section does in no way constitute legal advice.

What is GDPR

The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intended to create more consistent protection of consumer and personal data across EU nations.

What is personal data?

Any information relating to an identified or identifiable natural person (‘data subject’) – identified by an email, name, IP address, etc.

When does it take effect?

The GDPR becomes fully enforceable throughout the European Union on the May 25, 2018.

Who does the GDPR affect?

It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What are the penalties for non-compliance?

Organizations can be fined up to 4 percent of annual global turnover for not complying to the GDPR or €20 Million.

Does the GDPR require EU data to stay in the EU?

No, the GDPR does not require European Union personal data to stay in the EU.

Does the GDPR affect US and Canadian organizations?

Article 3 of the GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR. Therefore, any U.S. or Canadian-based company that has a web presence in the EU must comply, for example.