GDPR is an EU law focused on data privacy and security. It protects the personal data of individuals within the EU and imposes obligations on organizations that handle this data.
Key GDPR Facts
In effect since: 2018
Where does it apply?
All EU member countries plus Iceland, Liechtenstein, and Norway. It also applies to all organizations (public and private) located outside the EU if they offer goods or services, or monitor and process personal data of individuals residing in the EU.
The aim
To give EU citizens more control over their personal data.
Non-compliance penalties
Warnings, regular audits, fines, and reputation damage. The maximum fine is 4% of annual global turnover or €20 million, whichever is higher.
GDPR costs
88% of global companies say that GDPR compliance costs them more than $1 million annually, while 40% spend more than $10 million.
DPOs
To ensure compliance with GDPR, more than 500,000 organizations across Europe have registered Data Protection Officers.
Biggest GDPR Fines:
- €1.2 billion — Meta in Ireland in 2023 for data transfers to the US
- €746 million — Amazon in Luxembourg in 2021 for unclear privacy policies
- €405 million — Meta in Ireland in 2022 for children’s data processing
What Personal Data Does GDPR Protect?
- Name
- Biometric data
- Location data
- Income and other financial data
- Common online identifiers: IP address, cookies, apps, RFID tags
- Sensitive personal data: health, genetic, socio-economic, racial and ethnic information, cultural profile, sexual orientation
Your Rights Under GDPR
Explicit consent
All data that is stored must be obtained with clear, unambiguous consent. You can withdraw consent at any time.
Transparency
You have the right to know why, how, and which of your personal data is being collected and how it is processed.
The right to be forgotten
The right to withdraw consent and demand data deletion.
Notification of breach
Organizations (data controllers) must inform their customers (data subjects) if their personal information has been hacked or compromised, and do so within 72 hours of the breach.
Data portability
As a data subject, you have the right to transfer your personal data from one service provider to another.
Why Data Archiving is Critical for GDPR Compliance
Online communication is a crucial aspect of GDPR compliance. Email and chat apps are especially prone to GDPR violations since they are often used for sharing personal information.
Implementing an archiving or data governance solution combined with a well-planned and executed organizational strategy helps your organization stay in compliance.
GDPR-compliant data archiving solutions let you:
- Search unstructured personal data
- Respond to DSARs faster
- Record email processing
- Manage and review data
- Create custom data retention policies
- Limit access to certain data to protect your business
- Cut costs by minimizing data storage overheads
ABOUT JATHEON
Since 2004, Jatheon has relentlessly focused on delivering all-in-one data archiving solutions that support the widest array of use cases, communication channels, and deployment options. Our solutions mitigate risk, save costs and improve visibility with advanced data retention, search, ediscovery, and supervision capabilities, all backed by world-class support. With analyst validation from Gartner®, Radicati, and InfoTech, Jatheon achieves 100% customer retention and is consistently ranked among the highest recommended archive solutions on the market.
Jatheon is headquartered in Toronto, Canada, and serves clients worldwide through a wide network of global business partners. For more information, please visit www.jatheon.com.