GDPR…Just a Europe thing, right…right…

Written by: Peta Nicholson

GDPR is the latest compliance buzzword in tech today! Everyone is talking about GDPR and how they must make sure their business is compliant. But isn’t this only for companies located in the EU? In short, NO!

What is the GDPR?

The regulation is the General Data Protection Regulation (GDPR), and it sets a new bar for privacy rights, security, and compliance. It gives individuals more control over their personal data, ensures transparency about how data is used, and requires security measures and controls to protect that data.

When does GDPR come into effect?

On the 25th of May 2018, GDPR goes into effect, with broad-reaching implications for all companies around the globe (not just in the EU).

Who does GDPR affect?

GDPR’s reach extends far beyond the EU. The law imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EU, or that collect and analyse data tied to EU residents, irrespective of where in the world the business is located. GDPR applies to organizations of all sizes and in all industries. Depending on your business, your obligations under GDPR may vary: GDPR has different requirements for companies that are Controllers (those who decide why and how personal data is processed) versus those that are Processors (those who process personal data on a Controller’s behalf).

Consult the GDPR site to determine which category of requirements applies to you. See this link for further details:

What is personal data?

Compliance begins with understanding what data exists and where it resides. The GDPR regulates the collection, storage, use, and sharing of “personal data.” Personal data is defined very broadly under the GDPR as any data that relates to an identified or identifiable natural person. Such data can reside in customer databases, feedback forms filled out by customers, email content, photos, CCTV footage, loyalty program records, and HR databases.

What happens if I don’t comply?

GDPR compliance is not a one-time activity, and non-compliance carries significant penalties. Fines for non-compliance can be up to 4% of a company’s global annual revenue or €20 million, whichever is greater.

What do I need to ensure compliance?

This is a business-wide challenge that will take time, tools, and processes, and it could require significant changes to your business and to your privacy and data management practices. Begin with a review of your organization’s privacy and data management practices. Locate where personal data is kept and who currently has access to it. Review how and when access is granted, and make the changes necessary to ensure appropriate safeguards for that data are in place.

How is Microsoft ensuring compliance?

Microsoft believes the GDPR is an important step forward in clarifying and enabling individual privacy rights, and it is the first major cloud services provider to pledge compliance. Through its Azure and Office 365 platforms, your business can meet its GDPR compliance obligations. For further details see: and

For more information, or for help ensuring your compliance with GDPR or with cloud security in general, drop us a line and we can help make sure you are compliant.