
    GDPR applies to all EU member states. What differs from the 1995 Directive is how the General Data Protection Regulation (GDPR) is implemented: the GDPR is not a Directive, guidance or best practice, but an actual EU-wide Regulation. This means that the GDPR is enacted across all of the EU member states, from the same date and in the same way that it was written and issued by the EU. The GDPR did not require adaptation and transposition into member state law; it is member state law.

    The reason behind the GDPR

    Part of the reason behind the GDPR was the need to harmonise data protection controls across the EU, as well as to bring the EU’s data protection legislation up to date with the way in which the EU and the world operates, interacts, conducts business and communicates. In today’s world, for example, with in excess of 2 billion Facebook users alone, it is hard to imagine that when the previous data protection legislation was enacted in 1995, it is estimated that less than 1% of the population had access to the internet, and that social media sites such as Explorer, Facebook, eBay and Amazon didn’t even exist!

    It is clear that the previous legislation did not adequately or specifically provide protection for data used and communicated in today’s world, hence the need for the change and the GDPR.

    So, does it all just impact the EU then? Or does this piece of EU Regulation carry force and impact around the world? Article 3 of the GDPR details the territorial scope of the regulation as being “the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not”, and “applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union or the monitoring of their behaviour as far as their behaviour takes place within the Union”.

    So, to clarify, whether the data subject is in the EU, or the processing of data runs in or through the EU, GDPR will apply. However, one might ask: if a controller or processor is not physically located within the EU, how can they be penalised if they breach? It is a question I am sure is on the lips of a lot of non-EU controllers and processors, given the increased level of fines that can now be made.

    In short, the answer is that such firms can still be penalised: even though they may be physically located outside of the EU, to operate inside of the EU, or to process the data of an EU citizen, the data controller or processor must still, according to Article 27 of the GDPR, designate a representative who shall act as a contact point for the processor or controller with, for example, the relevant supervisory authority.

    Therefore, whilst this is an EU-based regulation, the consequences of getting it wrong could be felt across the whole of the world by anyone wishing to trade in, with or through the EU.

    With regard to the UK specifically and Brexit, the UK has made it clear that Brexit will not impact on the implementation of the GDPR and that indeed, if the UK wishes to trade with the EU and the world post Brexit, it will have to align itself to the data protection laws under which every other country operates.
