The General Data Protection Regulation UK Spelling - Page 11

FAQ Q. What impact will the GDPR have on companies based outside of the EU? The GDPR is focused on the rights and freedoms of EU citizens. If you are processing data on, or providing goods or services to, EU citizens, then you will need to comply, regardless of your location. Q. Will Britain’s decision to leave the EU impact on the GDPR? The UK Government has committed to complying with the GDPR by 25 May 2018, under the same timescales as the EU. So, Brexit makes no real difference assuming that post Brexit, the UK will have implemented the GDPR and will be deemed an adequate jurisdiction for data privacy. Q. How will the GDPR be enforced? The EU Commission will increase the powers of Supervisory Authorities (SAs), the local geographic data protection bodies. These will include investigative powers (audits, reviews, notifications) and supervisory powers (warnings, compliance orders, fines) and will be supported and underpinned by the rule of European Law. Member States will have individual discretion to decide the rules on criminal sanctions for infringements of the GDPR. Q. Will the new legislation be applied to information we already have stored within our systems? Yes. Once the act is in force it will apply to all personal data relating to EU citizens regardless of when it was acquired. Q. What are the financial implications for non-compliance? Fines imposed could be up to the greater of EUR20 million or 4% of worldwide turnover. SAN FRANCISCO | NEW YORK | LONDON | READING | PRAGUE | KUALA LUMPUR | SYDNEY