Mar 14th, 2024
Jun 6th, 2018
By Frank M. Schlesinger
On May 25, 2018 the new General Data Protection Rules (“GDPR”) of the European Union came into force. These rules are built on the previous rules such as “Safe Harbor”, but constitute a revolution in that the individual (“Data Subject”) is now the owner of and in control of his Personal Information.
Personal Information is any information relating to a physical person which identifies or makes the person identifiable such as name, photo, email address, account numbers, telephone numbers, social security numbers, IP addresses, etc. The rules concern anyone who collects, records, keeps, consults, uses or destroys Personal Information.
While this is a European Directive, any European Union resident whose Personal Information is involved will have recourse, and if the person collecting or using such information misuses it or fails to protect it properly, the penalties are very severe. Penalties can run up to 20,000,000€ or 4% of the worldwide revenue of the infringing entity.
Therefore, even if you are a business that only sells online and receives credit card information from a European Union resident, or if you receive Personal Information for mailing lists or any other purpose, you may be at risk if you fall afoul of the rules.
Persons dealing with or treating Personal Information of European Union residents must:
Any requests or demands made by the Data Subject under the rules must be answered within very short, strict deadlines.
In addition to the huge penalties, which may even include penal prosecution, the Data Subject whose rights have been infringed will have a right to sue for damages.
It is no wonder that you have probably been deluged lately with emails from many companies indicating that their Privacy Policies have recently changed.
Please do not hesitate to communicate with the undersigned for any further information or help in this regard.