Overview
This article specifies that the General Data Protection Regulation (GDPR) entered into force 20 days after its publication in the Official Journal of the European Union and became applicable from 25 May 2018. It marks the official start of GDPR obligations for all entities processing personal data within its scope.
Key Principles
Official Entry into Force: GDPR became legally binding 20 days post-publication.
Applicability Date: Full GDPR compliance required from 25 May 2018.
Scope: Applies to all controllers and processors within the EU/EEA and to entities targeting EU data subjects.
Legal Certainty: Establishes clear dates for enforcement and compliance obligations.
Accountability: Ensures all entities understand their responsibilities from the applicable date.
Organizational Applicability
This article applies to:
All controllers and processors processing personal data of EU/EEA data subjects.
Supervisory authorities enforcing GDPR compliance.
Legal and compliance teams ensuring timely adoption of GDPR obligations.
Organizations worldwide targeting or processing data of EU/EEA individuals.
Implementation Requirements
Ensure GDPR obligations are fully implemented by 25 May 2018.
Document compliance measures and processes for internal accountability.
Train staff and stakeholders on GDPR requirements effective from the application date.
Coordinate with supervisory authorities to confirm adherence to GDPR timelines.
Implementation Guidance
Maintain records of GDPR adoption and compliance readiness.
Conduct gap analysis and remediation prior to the applicability date.
Establish monitoring and reporting mechanisms to ensure ongoing compliance.
Periodically review policies, procedures, and controls implemented from 25 May 2018.
Periodic Review
Frequency: Annually or whenever updates to GDPR obligations or organizational processes occur.
Responsible Role: Compliance Team, Data Protection Officer (DPO), or Legal.
Outcome: Ensure continuous compliance with GDPR from its application date onward.
Non-Compliance Risks
Fines: Up to €20 million or 4% of global annual turnover for violations occurring post-application.
Legal Exposure: Liability for failure to meet GDPR requirements effective from 25 May 2018.
Reputational Damage: Loss of trust due to non-compliance with established GDPR timelines.
Operational Risk: Delays or gaps in compliance may result in enforcement actions or regulatory scrutiny.