The EU General Data Protection Regulation (GDPR) is fundamentally reshaping the way organisations manage data. It went into effect May of this year, and failure to comply means companies could face hefty fines of up to 4% of annual global turnover or €20 million.
In a previous blog post, we addressed the details of this new regulation, drawing attention to the most significant changes to the data privacy rules and what organisations must know do to ensure compliance with the new rules.
One of the key revisions regards the increased scope of GDPR. Now companies processing the personal data of individuals are covered under the law regardless of their location. This means application is extended to include the processing of data even when the processor is not established in the European Union (EU) and where the activities relate to offering goods or services to EU citizens irrespective of whether payment is required and the monitoring of behaviours that take place within the EU. It is also worth remembering that the rules apply to both controllers and processors, meaning “clouds” are not exempt from GDPR enforcement.
In very basic terms, companies located outside the EU but conducting business within the EU fall under GDPR.
To help Skillsoft customers comply with GDPR, we have opened a data centre in Frankfurt, Germany for both our Percipio customers headquartered in the EU and multinational Percipio customers doing business in the region. To support our GDPR compliance efforts, we engaged advisors to review Skillsoft’s relevant business processes, our EU personal data collection and use practices, as well as personal data flows from the EU to the US to create privacy policies and practices that are aligned with GDPR requirements.
This new data centre will enable Percipio customers to restrict the storage and processing of their data within the EU and ensure compliance with data sovereignty laws. It means user data, whether at rest or in motion, never leaves the confines of the EU and complements the implementation of GDPR for Percipio which has been in place from May 2018.
For more information, please see Skillsoft Opens European Data Centre to Ensure Data Sovereignty Compliance for Percipio Customers.
Steve Wainwright is the Managing Director for Skillsoft EMEA.