The General Data Protection Regulation will apply to EU-based companies and companies across the world with EU citizens as customers. It has a wide extraterritorial reach and potential fines of up to €20 million or 4% of annual turnover, whichever is greater. The fines will be decided on a case-by-case basis, taking many factors into consideration.
The GDPR does include derogations and special conditions, similar to the Data Protection Directive. Member States can introduce some derogations, for example for the prevention and detection of crime or for national security. Although the GDPR will be harmonising Data Protection laws across the EU, Member States will have the ability to introduce some supplemental laws for special purposes that will be specific to the country.
The derogations and exemptions fall into two main areas: restrictions and specific processing situations. Article 23 of the GDPR allows Member States to introduce derogations on topics including national security, public security, the protection of judicial independence and proceedings, and the enforcement of civil law matters. Derogations must respect the right to data protection and be a necessary and proportionate measure.
Articles 85 to 91 contain specific data processing situations and the associated derogations, exemptions and powers to impose additional requirements. The specific data processing situations include:
The provisions allow Member States to introduce exemptions to the GDPR where necessary, set their own conditions or establish more specific rules. This recognises that some countries already have specific systems in place, such as national identification numbers, that do not need to be overhauled in order to comply with the GDPR. It also allows some flexibility in how the requirements are met. Some of the laws that are introduced by Member States, such as those under Article 88 regarding employee data, must be provided to the Commission before the GDPR comes into force.