Many companies in Thailand are not aware that GDPR applies to them if they store and process the data of an EU person.
Many companies outside the EU are unaware that the EU GDPR regulation applies to them as well.
The new General Data Protection Regulation, published on May 25, 2016, goes into force on May 25, 2018. The General Data Protection Regulation (GDPR) standardises data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information. It also extends the protection of personal data and data protection rights. Data Protection Directive 95/46/EC.
This means that silence or pre-ticked boxes on websites cannot be used as valid consent.
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover or €20 Million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach, or not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.
What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
For more information contact us at email@example.com