Does my company need to comply?
If you’re reading this, very likely, yes. Article 3 of the GDPR lists two primary groups of entities that have to comply:
- Firms located in the EU
- Firms not located in the EU, if they offer free or paid goods or services to EU residents or monitor the behaviour of EU residents
That’s pretty comprehensive. If, for example, your company has a website that is visited by citizens or residents of the European Union, you will likely be required to comply on that basis alone if you collect personally identifiable information on visitors to your website.
Any organization that processes data of any individual in the context of selling goods or services within EU borders is required to comply with this new regulation or face steep fines. Your company might be based in Chile or China or Canada, but if you have even a single customer who is a resident of the European Union, you will have to comply with this comprehensive new set of regulations.