The date for GDPR regulations to take effect is just around the corner, so you’ve likely been hearing plenty of buzz about it. But, what exactly is GDPR and how will it affect you? Read on for some answers to your top questions.
What is GDPR?
The General Data Protection Regulation (GDPR) is European Union (EU) legislation that is designed to sync data privacy, processing, and monitoring laws across the EU.
Put simply, it will regulate what data related to EU residents companies inside and outside the EU can collect, store, and transfer, as well as how they use it. GDPR was adopted in May 2016, and will go into effect on May 25, 2018.
What Does GDPR Do?
GDPR was designed to protect the personal information of individuals who reside in the EU. It applies to EU-based organizations as well as organizations outside the EU that offer goods or services to, or monitor the behavior of, individuals in the Union. For more detailed information, visit eugdpr.org.
What Exactly is Personal Data?
Personal data includes any information that can be used to directly or indirectly identify a person. For instance, that could include their name, photo, email address, bank details, social media posts, medical information, or a computer IP address. Sensitive personal data, such as gender or race, is a subset of personal data as defined under GDPR.
What Does This Mean for EU Consumers?
The regulation gives individuals in the EU the right to increased control over what their personal data is used for. Organizations will need to provide notice and obtain consent before collecting and processing data. They must also disclose the purpose of personal data usage, and define data retention and deletion policies. Those organizations must take security measures to protect personal data, maintain records of data processing and access, and notify authorities of any data breaches.
What Does This Mean if You Live in the U.S.?
GDPR won’t mean much to the average person in the U.S., as the regulation only applies to individuals who reside in the EU. But U.S.-based businesses will have to become compliant if they offer goods or services to, or monitor the behavior of, individuals accessing their goods or services from the EU. (This will still apply even if the U.S. company’s EU presence is strictly digital, as Forbes points out.)
How is SAP Concur Readying for These Changes?
SAP Concur is fully committed to complying with any relevant laws and regulations – including GDPR – to further strengthen our customers’ confidence and trust. SAP Concur has been consistent in its approach to data protection as part of our general product standards, and this is now being extended to reflect the new requirements of the GDPR. SAP Concur is also committed, with its products and services, to enabling its customers to implement GDPR requirements. Existing product and service features are being enhanced to support customers in their GDPR compliance journey.
In the process of preparing your business? Learn more about how SAP can help you on your way to being GDPR ready.