Enterprise Computing Solutions ANZ

The General Data Protection Regulation: FAQ 



What is the General Data Protection Regulation (GDPR)?

The GDPR is a regulation that requires businesses to protect the personal data of citizens in the European Union (EU) for transactions that occur within EU member states.

When does GDPR come into force?

Friday 25 May 2018.

Who does GDPR apply to?

The GDPR will affect your customer if they:

  • Have a business presence in an EU country.
  • Have a business presence outside an EU country, but they collect and process the personal data of EU citizens.
  • Have a business that consists of more than 250 employees.
  • Have a business that has fewer than 250 employees, but they process sensitive personal data. 

What are the consequences for non-compliance?

Businesses that fail to meet compliance guidelines face heavy penalties that fall into two key areas:

  • Failure to comply/technical measures: up to an amount that is the GREATER of €10 million or 2% of global annual turnover (revenue) from the prior year.
  • Data breach/key provisions: up to the GREATER of €20 million or 4% of global annual turnover from the prior year.

Who is liable for data breaches?

The GDPR creates shared liability between the Data Controller and the Data Processor.

For clarity, the Data Controller determines the purposes and means of the processing of personal data, while the Data Processor processes personal data on behalf of the controller.

What are the key changes?

Businesses must:

  • Notify authorities of a data breach within 72 hours
  • Inform customers of what data is being used, how it is being used and why
  • Erase or stop sharing personal data at the request of their customers
  • Provide the personal data they have obtained to the customer, at their request, so they can share it with another data controller
  • Build data protection into the design of data collection and processing systems
  • Implement internal recording keeping requirements, including the appointment of a Data Protection Officer (refer to point 3 below).

How can businesses prepare?

You can help your customers prepare for GDPR with the following steps:

1. Identify the data they have, where it is sourced and who it is being shared with.

2. Help them revise their data protection plan to ensure it meets GDPR compliance.

3. Recommend they assign a Data Protection Officer (this applies to businesses that carry out large-scale processing of special categories of data or carry out large scale monitoring of individuals (such as behaviour tracking) or is a public authority).

4. Create an accountability framework so they can prove their policies and procedures comply with defined protection principles.

5. Help them to revise all policies – including retention policies, privacy policies and personal data notifications – and ensure they contain plain language. 

It's not too late to help your customers get GDPR ready.

As a partner, you can play a key role in helping your customers be audit ready. In doing so, it's important that you engage the right stakeholders, including responsible vendors, service providers and IT asset disposition companies. 

Arrow works with the world's leading vendors and has a team of experts who can help streamline and simplify processes to help you do business more easily.

Talk to us today about how we can help you make your customers GDPR ready.


Tell me more