The following 28 countries currently make up the EU:
Austria, Belgium, Bulgaria, Croatia, Republic of
Cyprus, Czech Republic, Denmark, Estonia, Finland, France,
Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Poland, Portugal, Romania,
Slovakia, Slovenia, Spain, Sweden and the UK. (The UK is
leaving the EU.)
This new requirement will apply to your business if it
collects or processes the personal data of any EU citizen.
“Any information related to a natural person or ‘Data
Subject’, that can be used to directly or indirectly
identify the person. It can be anything from a name, a
photo, an email address, bank details, posts on social
networking websites, medical information, or a computer IP
Businesses that collect this data must do the following:
-Get explicit consent from customers.
-Give customers the opportunity to opt in or out.
-Give customers the opportunity to withdraw consent.
-Get parental consent for customers under the age of 16.
-Do not collect data on anyone below the age of 13.
-Appoint a Data Protection Officer (DPO) if your business
(a) is publicly held, (b) engages in large-scale systematic
monitoring, or (c) engages in large-scale processing of
sensitive personal data.
The DPO is someone who is familiar with GDPR.
-Report data breaches to the authorities and to individuals
within 72 hours.