Most people have heard about GDPR, the General Data Protection Regulation,that went into effect in the European Union on May 25, 2018. GDPR is a legal framework that replaced the outdated 1995 Data Protection Directive that was no longer effective as it was adopted at a time when the internet was in its infancy. The rules and regulations of GDPR are designed to enhance and improve security, transparency and accountability by data processors and data controllers. Moreover, this data protection act was introduced with the goal of improving individuals’ rights in the EU regarding their data. In addition, the regulation was created to establish an EU-wide standard for data protection.
When it comes to EU law, GDPR occupies a prominent place. GDPR covers any organization with offices in the EU. Thedata protection act legislation specifically states thatwhen a branch or a subsidiary of the main organization is located in the EU, the entire organization must ensure it is GDPR compliant. It is important to note that it does not matter where the main office of an organization is actually located. Any organizationnot located in the EU must comply with GDPR laws if it collects and processes the data of EU citizens.
Countries Covered by GDPR
The impact of GDPR affects organizations across the globe; however, the strongest effect is felt by thoseorganizations based in the EU andthat process a large volume of data collected from within the EU.
Twenty-eightEU countries are covered by GDPR:
- France
- Austria
- Germany
- Denmark
- Croatia
- Republic of Cyprus
- Estonia
- Bulgaria
- Czech Republic
- Belgium
- Greece
- Italy
- Ireland
- Luxembourg
- The Netherlands
- Portugal
- Hungary
- Romania
- Latvia
- Spain
- Finland
- Sweden
- Lithuania
- Slovakia
- Estonia
- Slovenia
- Poland
- Malta
- United Kingdom
As per the 2016 “Brexit” referendum, even though the U.K. is no longer a member of the EU, it is one of the most important countries in Europe.GDPRwas applied in theU.K. until the end of the Brexit transition period, December 31, 2020. Afterward, itbecame aU.K. law under the European Union (Withdrawal Agreement) Act 2020. The U.K. version of the regulation is known as the “U.K. GDPR.”
GDPR Outside the European Union
The physical location of an organization does not matter when it comes to GDPR. What are important arethe data of the individuals and the location of those whose data is being handled. It is important that EU nations, as well as countries outside of it, know the rules and regulations of GDPR and comply with them. Not knowing about GDPR is not an excuse for violating this law, and fines for non-compliance are steep.
Here are the Best Law Firms in Atlanta, GA for Privacy and Data Security Law
- Alston & Bird LLP
- Baker & Hostetler LLP
- Hall Booth Smith, P.C. Attorneys at Law
- Culhane Meadows PLLC
- Kilpatrick Townsend & Stockton LLP
- Adams and Reese LLP
- Conley Griggs Partin LLP
- Jones Day
