The proposed EU General Data Protection Regulation extends the scope of data protection law to all companies processing data of EU residents.
The new regulations apply if the data controller (the organization that collects data from EU residents), the processor (the organization that processes data on behalf of the data controller) or the data subject (the person) is based in the EU. This comes at the cost of a strict data protection compliance regime, with severe penalties of up to 4% of worldwide turnover or 20m Euros, whichever is greater.
According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”.
The regulation does not apply to the processing of personal data for national security activities or law enforcement within the European Union. However, the reform package also includes a separate Data Protection Directive for the police and criminal justice sector that provides robust rules on personal data exchanges at national, European and international level.
Solvassure. Compliance Technology.