General Data Protection Regulation (GDPR): 4 key questions you should ask
GDPR - 4 key questions you should ask
GDPR is extremely stringent legislation and represents a clear shift from the current privacy requirements in EU. Whilst GDPR applies to almost all companies that operate in EU, it is also applicable to organizations outside of EU that target EU residents (many organizations are required to comply to GDPR due to this requirement).
If your business in Kuwait is associated with any individual or organization from the European Union (EU) then GDPR might impact you
European Union (EU) introduced a new Data Privacy regulation (EU General Data Protection Regulation – GDPR) which shall be effective from 25 May 2018.
GDPR is extremely stringent legislation and represents a clear shift from the current privacy requirements in EU. Whilst GDPR applies to almost all companies that operate in EU, it is also applicable to organizations outside of EU that target EU residents (many organizations are required to comply to GDPR due to this requirement).
If you answer “Yes” to any of the following four questions, we would suggest that you seek professional advice as soon as possible:
- Do you have an “Established” organisation in the EU that collects or processes personal information about your clients, consumers, or employees?
- Do you have a website, accessible in the EU in an EU Local Language (not including English), which offers goods and services to EU residents?
- Do you market your products and services to EU residents?
- Does your organisation perform operations which involve “Monitoring” EU residents?
Penalties for non-compliance may result in fines up to 20 million Euros or four percent of your global turnover, whichever is higher. The GDPR regulation empowers the data subject (individual whose Personal Information is being processed) by providing more control, choice over sharing the data, right to erasure, obtaining active consent and affirmation of individuals’ personal rights
The regulation also mandates stringent processes to be followed in the event of a data breach. GDPR mandates that data breach needs to be notified to the enforcement agency within 72 hours after becoming aware of the breach.
How KPMG can help
KPMG member firm professionals support clients across the globe in resolving complex data protection and privacy issues. We have a flexible and structured approach to meet the needs of diverse organizations and their complex and highly regulated industries. The global reach of KPMG member firms helps to work effectively across multiple territories at a local level.
Having KPMG by your side definitely helps because of the following reasons:
- A leading team of experienced privacy professionals across our network of member firms
- Extensive privacy experience already includes the design and delivery of GDPR programs across multiple sectors
- A pragmatic and realistic approach based on the unique footprint of each organization
© 2021 Copyright owned by one or more of the KPMG International entities. KPMG International entities provide no services to clients. All rights reserved.
KPMG refers to the global organization or to one or more of the member firms of KPMG International Limited (“KPMG International”), each of which is a separate legal entity. KPMG International Limited is a private English company limited by guarantee and does not provide services to clients. For more detail about our structure please visit https://home.kpmg/governance.
Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.
