Spontaneous application

GDPR !! EU Data Protection Policy is Here..

New Insight
30 May 2018
people talking

What does the General Data Protection Regulation (GDPR) govern?

Regulation (EU) 2016/6791, the European Union’s (‘EU’) new General Data Protection Regulation (‘GDPR’), regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU. It doesn’t apply to the processing of personal data of deceased persons or of legal entities.

 The rules don’t apply to data processed by an individual for purely personal reasons or for activities carried out in one’s home, provided there is no connection to a professional or commercial activity. When an individual uses personal data outside the personal sphere, for socio-cultural or financial activities, for example, then the data protection law has to be respected. (European Commission -2018)

Companies in the EU have to bring their procedures and information systems into compliance to enforce the new EU regulation, known as General Data Protection Regulation (GDPR) or RGPD in French.

GDPR is the new European framework for the processing and circulation of personal data, that is to say those operations on which companies rely on to offer their services and products. This is information that can directly or indirectly identify a natural person, such as: name, phone number, mailing address or email, photograph, …


 As a new EU reference text  in the area of data protection and confidentiality, the aim of the GDPR is to define a single uniform framework that applies to all its members. This regulation covers all residents of the EU. It also concerns the entire territory of the EU as well as any territory in which an institution participates in collecting data. Therefore text doesn’t apply only to companies established in Europe. Any entity handling personal data concerning Europeans must comply with it, whether it is a company, an association or even a subcontractor.


This regulation was created in 2016, with an obligation for companies to be in compliance by May 25, 2018 at the latest. And it is from this date forward that sanctions for non-compliance may be applied. In the event of an infringement, fines (up to a maximum of 20 million euros), or 4% of the offending company’s  previous year’s global annual turnover may be levied. It is the higher amount of these two penalty options that will be enforced.


In France, the text of the draft law has been presented by the Minister of Justice. It’s negotiation into French law has necessitated several round trips between the National Assembly and the Senate and they have not yet succeeded in producing a common version of the text. So at this moment, the regulation language is still a work-in-progress, and the final text must be put forward by the President of the Republic and published in the Official Journal.


Didier Hémion

Partner,Chartered Accountant

These posts may interest you