Much has been written about soon-to-be-enforced fines for data breaches under GDPR (General Data Protection Regulation) as defined by the European Union (EU). But data breaches are not the only area of concern regarding GDPR.
By Martin De Martini, Y Soft
Companies also need to consider the personally identifiable information of individuals present in their enterprise systems, such as a company’s print/copy/scan infrastructure, and how to comply with individuals’ rights concerning that data.
The risks of being found non-compliant regarding an individual’s rights are considerable. Non-compliance fines are defined as up to 20 million Euros or 4% of a company’s worldwide revenue, whichever is greater, regardless of where the company is physically located. Even if a company is located outside of the EU, GDPR applies if it processes personally identifiable information of European Union nationals. This makes GDPR relevant for companies outside of the EU as well.