By replacing the Data Protection Directive, the GDPR has extended the privacy scope to cover data held when an organization or person is in the EU.
The Regulation also applies on international data transfers, physical and digital, to organizations or companies seated in third countries which process EU citizen data.
Data processors exist in all economic sectors including banks, payment institutions, hospitals, telecom operators, retailers, e-commerce providers, over the top players, social networking platforms and suppliers located in the US, Asia, Africa or elsewhere. It is therefore important for each specific organization doing business with Europe to identify and map out those areas that will have the greatest impact on its business model.
Direct compliance obligation on both controllers and processors of data
Moreover, the GDPR extends the direct compliance obligations on both controllers and processors, such as outsourced service providers, fintech companies, suppliers of hardware and software vendors. If they both fail to comply with the new EU data protection law, they are exposed to turnover-based fines, imposed by supervisory authorities. Such fines are similar to the ones provided for the breach of competition rules in Europe. They may reach up to 4% of the infringers’ global annual turnover or 20MEuro, whichever amount is bigger.
As a result, the scope of the GDPR extends beyond the European Economic Area and becomes a de facto global “gold” standard in privacy and data protection. Failure to comply with its provisions, as for instance on the users’ “right to be forgotten” and the data accountability obligations may lead non GDPR-compliant organizations to be excluded as business partners by European controllers and consumers.
What Telecom Experts can do for you
Telecom Experts helps your organization understand the implications of the GDPR for your business while creating trust and confidence to your customers.
We review your contracts and guide you on how to become accountable for data processing.
We supply you the legal and technical toolkit to demonstrate fairness and transparency in data processing.
We assist you on how to report data breaches and perform legitimate overseas data transfers.
We propose you policies, standards and a roadmap to compliance with your legal obligations.