The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law for data protection and privacy of all individuals within the European Union. It is the largest European regulation of personal data protection over the last 20 years and will affect almost every organization. The objective of Regulation 2016/679 of the European Parliament and of the Council (GDPR) is to harmonize the existing data protection laws in the individual EU Member States. The fact that GDPR is a ‘regulation’ means that this legislation will be applicable in all EU Member States. It also applies to the export of personal data outside the EU. Non-compliance with GDPR will attract heavy penalties levied by the regulators.
Enforcement date: 25th May 2018
- Data controller: An organization that collects personal data from EU data subjects
- Data processor: An organization that processes the personal information on behalf of the data controller or data subject (person) that is based in the EU.
- The GDPR not only applies to organizations located within the EU but it will also be applicable to organizations located outside of the EU, if they offer goods or services to, or monitor the behavior of, EU data subjects.
- It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
- TÜV SÜD, headquartered in Germany, can provide greater exposure to the EU’s GDPR law and related regional laws.
- TÜV SÜD is currently helping several organizations around the globe to be GDPR ready.
- TÜV SÜD has been a world leader in premium quality, testing and inspection solutions since 1866.
- Spread across 1000+ locations, including Europe, USA and India, TÜV SÜD can be a one-stop shop for GDPR compliance across the globe.
- TÜV SÜD’s experts have helped several clients from all around the world meet their GDPR requirements
- Pre-requisite for doing business in EU region involving PII data of EU data subjects
- Improved brand equity and reputation
- Enhance your data security and privacy profile
- Increased customer loyalty
- Increased trust in the global market
- Improved decision making
TÜV SÜD supports your organization globally with our end-to-end GDPR services including:
- GDPR readiness/gap assessment
- Third-party assessment
- GDPR roadmap
- GDPR implementation
- External data protection officer services
- Monitor & maintain GDPR compliance
GDPR Trainings
- 1 day GDPR awareness training
- 5 day(s) GDPR implementation training
Your clients will want to know that they can trust your organization to protect their personal data and hence, GDPR compliance will be critical to building trust and earning loyalty.
In case you receive EU citizen PII from your customer, they would mandate that your organization provides assurance of GDPR compliance.
GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of EU data subjects.
It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
GDPR implementation requires a deep understanding of data privacy and the regulation, and involves multiple stakeholders from the organization including Legal, HR, IT, Infosec, Business teams and management.
Other Challenges:
- Heavy financial liability in terms of penalties shall be levied by regulators
- Loss of business
- Loss of customer trust
- Brand reputation is an organization’s most valuable asset, built over the course of time. Not complying with GDPR may adversely affect your brand image.
Important Timelines
The EU-GDPR (European Union General Data Protection Regulation) will be enforced from 25th May 2018 onwards.
Penalties levied by regulators
- Fine may be €10 million or 2% of global annual turnover, whichever is higher
(For non-compliance: Technical measures like impact assessments, breach notifications and certifications)
- Fine may be €20 million or 4% of global annual turnover, whichever is higher
(For non-compliance: Key provisions of GDPR, basic principles for processing, transfer of personal data to a recipient in a third country, data subjects’ rights and non-compliance with an order by a supervisory authority)