GDPR Compliance explained
The General Data Protection Regulation (GDPR) is a European Union (EU) initiative that comes into effect in May 2018. It is being put in place to strengthen individuals' data protection and to regulate the export of personal data outside of the EU.
Ultimately, the regulation aims to give private citizens much better control over any personal data that a company holds about them. At the same time, the regulation aims to bring together one consistent set of protection and privacy rules that are in sync across the EU and beyond.
Even though GDPR compliance is governed by the EU, it remains relevant in Asia as well. Asia-based entities that are subsidiaries of European companies are affected, as are any Asian companies that target or sell to European consumers and customers.
Companies in Asia that fall into this category will need to be GDPR compliant or risk significant fines of up to 20 million euros or 4% of their global revenue.
The major focus areas of GDPR compliance are as follows:
These are the high-level areas for consideration. The complexity varies on a case-by-case basis; however, the detailed analysis and research required for large companies to become completely GDPR compliant is non-trivial and may require the assistance and consultancy of experts in this field.