What do you Creative Agencies need to know for GDPR?
From the 25th May 2018 the General Data Protection Regulation will come into force across all the EU member states, currently 28 as follows:
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.
Clearly the UK will still be a member and therefore affected in the same way by this EU law that replaces the Data Protection Act which has been around for 20 years, but now the regulation comes with the full power of the EU courts making it a legal requirement for all companies to adhere to the regulations, or face some heavy fines up to €20 million or 4% of a company’s global annual income (whichever is the larger amount).
Even after the UK officially exists the EU the same legislation will largely apply on the basis that many companies are still trading or performing some function in Europe and therefore still liable based on this regulation, and this has been confirmed as extending out globally to any company in any country processing European citizen data.