Late in the GDPR Game?

GDPR will affect every business and public body that processes the personal data of EU residents, including individuals on behalf of other businesses. It’s an illusion to have the impression that only IT Departments are responsible for data protection. Departments that are well impacted are the ones that receive, hold or process personal data (HR, Accounting etc). The GDPR will apply from the 25th of May, 2018 to organizations if they: (i) offer goods or services to EU residents; or (ii) monitor the behavior of EU residents (e.g., organizations that offer online businesses). For the most serious violations, privacy regulators will be able to impose penalties of up to €20m or 4% of global revenue (whichever is higher). Organizations will be under greater obligations to provide assurance to their boards, customers and regulators that their data protection processes and procedures are fit for purpose.

What is processing? Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not  by  automated  means, such  as  collection, recording, organisation, structuring,  storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available,  alignment or combination, restriction, erasure or destruction.

And what do we mean by personal data? We mean identification (name, age, residence, occupation, marital status etc.), physical characteristics, education, labor relations, economic situation, electronic traces, interests, activities and habits.