The European Union GDPR Law went into effect on May 25th, 2018. We HIGHLY recommend that you discuss GDPR with your attorneys and modify any privacy policies in accordance with their advice. As an Operator, YOU are responsible for implementing your own policies to comply with GDPR.
The General Data Protection Regulation (GDPR) is a regulation where the European Parliament, the Council of the European Union, and the European Commission will strengthen data protection for all individuals within the European Union (EU). In other words, the individual will regain control of how their personal details are begin used. This will give them several rights including access to their data and the power to withdraw it. It will pose a few challenges to organisations as they now cannot simply gather data without good reason and, must prove that they able to protect the data they do hold.
Failure to comply will result in fines of up to 4 per cent of the company’s annual global revenue or €20m, whichever is greater. Also recent analysis from Oliver Wyman indicates that the FTSE100 could face fines of £5bn a year, once the regulation takes effect.
For additional information on what the GPDR is, please see this website https://www.eugdpr.org/