What You Need to Know About General Data Protection Regulation

General Data Protection Regulation, or GDPR, is widely considered the most high-profile legislation to affect IT and management of personal data in the last decade. It creates a new standard for data management.


What is it? The GDPR is an attempt to unify rules and boost data protection and security for European Union citizens.

On April 27, 2016 the EU passed the world’s strongest and most far-reaching law aimed at strengthening citizens’ fundamental rights in the digital age. The regulation also tries to facilitate business best practice by unifying rules for companies operating within the EU Digital Single Market.

This new, 88-page General Data Protection Regulation (GDPR) is something that EU member states voted for unanimously: one law for the entire region. 

Before this new legislation, it was up to individual countries to decide how to implement existing EU laws and recommendations, which added to complexity for businesses operating in multiple countries. 

The GDPR not only applies to any company, organization or body established in the EU who process personal data but also to any company, organization or body established outside the EU if they target individuals residing in the EU.

It only applies to Europe? No. It also affects the export of data outside the EU and of course it affects any organization that deals with EU citizen data — a vast number of organizations that trade or interact with Europe.

When does the GDPR come into effect? It is enforceable from 25 May, 2018 and countries affected don’t need to pass any domestic legislation beforehand.

Why should I care? Because experts believe the GDPR will have a huge impact on how data is collected, processed, used and shared.

And if I don’t care? The penalties surrounding compliance with the GDPR are very big and they constitute a big part of the reason that the GDPR has garnered so much attention. The GDPR provides for fines of up to four per cent of trailing annual gross revenue; for a $1 billion turnover firm, that would equate to a maximum penalty of $40 million.

And from Impexium…We’re here to help. At Impexium, we started to think about how GDPR would be measured and tested in early 2017. Since then, we’ve been working on becoming GDPR ready. And today, our industry-leading Association Management Solution (AMS) powers the association industry’s most forward-thinking and innovative organizations. We look forward to working together to make your organization’s GDPR journey a successful one.