The General Data Protection Regulation The GDPR - what does it mean for executive search | Page 11
FAQ
Q. What impact will the GDPR have on companies based outside
of the EU?
The GDPR is focused on the rights and freedoms of EU citizens. If you are processing
data on, or providing goods or services to, EU citizens, then you will need to comply,
regardless of your location.
Q. Will Britain’s decision to leave the EU impact on the GDPR?
The UK Government has committed to complying with the GDPR by 25 May 2018,
under the same timescales as the EU. So Brexit makes no real difference, assuming that,
post-Brexit, the UK will have implemented the GDPR and will be deemed an
adequate jurisdiction for data privacy.
Q. How will the GDPR be enforced?
The EU Commission will increase the powers of Supervisory Authorities (SAs), the local
geographic data protection bodies. These will include investigative powers (audits,
reviews, notifications) and supervisory powers (warnings, compliance orders, fines) and
will be supported and underpinned by the rule of European Law. Member States will
have individual discretion to decide the rules on criminal sanctions for infringements of
the GDPR.
Q. Will the new legislation be applied to information we already have
stored within our systems?
Yes. Once the Regulation is in force, it will apply to all personal data relating to EU
citizens, regardless of when it was acquired.
Q. What are the financial implications for non-compliance?
Fines imposed could be up to the greater of EUR20 million or 4% of worldwide
turnover.