Who does the GDPR apply to?
All 'Controllers' and 'Processors' of data need to abide by the GDPR. A Controller decides how personal data is processed, while a Processor is the one doing the actual processing of the data. Consequently, the Controller can be any company, organisation or government. The Processor can be any subcontractor or affiliate performing the actual data processing.
How about sanctions?
Besides liability for damages, sanctions can be imposed by a supervisory authority, amongst others:
· Warnings, reprimands and orders
· Data protection audits
· Administrative fines up to € 20M or 4% of the total worldwide annual turnover, whichever is greater
Do companies actively prepare for the application of the GDPR?
According to a recent survey carried out by a well-established Belgian based law firm*, 62% of businesses is actively preparing for GDPR. However, only 25% has involved a counsel to launch a compliance audit or draft an action plan.
What can Legalia do for you?
Legalia can provide you with experts in Data Protection having a strong in-house background.
They can rapidly partner up with you and join your teams to help perform audits, give advice and implement the new legislation.
* Loyens & Loeff carried out a survey on GDPR from 18 April 2017 to 8 May 2017.