It is no secret that EU has been slamming Silicon Valley companies with large fines. In June 2017, we saw Google being fined a record high penalty of $2.7bn for using its search engine to unfairly steer visitors to its own shopping platform.
The EU has a new weapon called GDPR, or General Data Protection Regulation. This new landmark privacy regulation has vast implications that many companies and individuals are not yet aware of. And, if you think this EU regulation will only affect companies in EU, think again. It has a much bigger impact.
GDPR expands the privacy regulations of EU citizens, which means that all companies dealing with EU personal data have to comply with the new GDPRregulation. In essence, GDPR is applicable to organisations worldwide that deal with EU private data and enforceable by-law.
So, if you run a startup based in Silicon Valley and you have a German consumer on your mailing list, then you are applicable to GDPR. If you run a SaaS platform and receive signups from Denmark, you’ll be applicable to GDPR.
A short, but important note on EU law
Directives and Regulations are two important legal acts in EU. A directive is a legal act, which requires member states to implement the directive individually. Directives can leave member states with a certain amount of room as to how they implement the directives, as long as they come to the same result.
A regulation, on the other hand, becomes immediately enforceable by law in all member states simultaneously. As such, regulations constitute one of the most powerful forms of European Union law. When a regulation comes into force, it overrides all national laws dealing with the same subject matter and subsequent national legislation must be consistent with and made in the light of the regulation.
GDPR is a regulation and will come into effect in all EU member states May 25th, 2018. It places many new obligations on organisations as to how they can market, track and handle EU personal data, no matter where an organisation is located.
Link to article by Dan Storbaek http://www.ibtimes.co.uk/how-eu-shaking-silicon-valley-gdpr-1643556