The main purpose of the GDPR is to give EU citizens greater control over how their personal data is collected, protected, and used. While the legislation applies to EU companies, it also applies to any company choosing to do business in the EU or have employees in the EU. This includes any online business that owns a website accessible to EU citizens that collects user data. Since the definition of personal information has also been expanded to include online identifiers such as cookies, GDPR has implications for a vast number of North American businesses.
A two-tiered sanctions regime will apply. Breaches of some provisions by businesses, which lawmakers have deemed to be most important for data protection, could lead to fines of up to 20 million Euros or 4 percent of global annual turnover the preceding financial year, whichever is the greater, being levied by data watchdogs. For other breaches, the authorities could impose fines on companies of up to 10 million Euros or 2 percent of global annual turnover, again, whichever is greater.
In this webcast, we will present a clear understanding of the main differences between the current law and the GDPR, and explain what organizations need to do in order to prepare for the new law that will take place in May 2018. The webcast also includes an overview of possible IT solutions that are tailored for SAP customers.