The General Data Protection Regulation (“GDPR”) is the new legal framework that will come into effect on the 25th of May 2018 in the European Union (“EU”), and will be directly applicable in all EU Member States from that date. The GDPR’s focus is the protection of personal data, i.e. data about individuals, and builds on existing data protection laws, setting out the responsibilities of businesses in relation to the personal data they collect, hold, transmit and otherwise use.
The GDPR is extra-territorial in nature and applies not just to organizations within the EU who process the data of individuals but also organizations outside the EU who offer goods or services to individuals in the EU, or who monitor the behavior of individuals in the EU. Because the EU is a trading partner of most countries, the GDPR’s wider scope means it has implications for many businesses worldwide, and will effectively require them to be compliant if they wish to operate in EU member states either directly or as a third-party for others.
As one example, if a company based in the United States or Canada, or another non-EU country, collects or processes personal data of any employee, prospect, customer, partner, or supplier that is based in the EU, that company will need to be compliant with the GDPR.
Sage has a project team who are focusing on the implementation of GDPR, and which is endorsed by the Sage Board.
In addition, Sage has robust governance procedures in place to manage the implementation of GDPR including a Data Governance Committee comprising many key stakeholders to ensure all areas of our business will be ready for GDPR from the date of enforcement in May 2018.
Learn more about Sage GDPR preparations.