- The GDPR applies to all 28 EU member states and has the full force of the law.
- It applies to EU citizens’ personal data, regardless of where it is collected, stored, or processed – whether inside or outside of the EU.
- If your company collects and stores the personal data of EU citizens, the GDPR is relevant to your organization, even if you don’t have a formal presence in the EU zone.
- There has been a transition period of two years for organizations to implement compliant processes. The deadline is May 2018.
- The GDPR does not apply to the processing of personal data as it pertains to matters of national security or "purely personal or household activity."
- Fines for failure to comply fall into two categories: Level 1 = €10M or 2% of global turnover; Level 2 = €20M or 4% of global turnover.
- In addition, individuals and privacy advocates may file civil suits, and executives may be jailed.