GENERAL DATA PROTECTION REGULATION (GDPR)

Fines up to 20 million Euro’s for Non-Compliance with new EU data protection regulation

The General Data Protection Regulation, or GDPR, (EU Regulation 2016/679) is a regulation in EU law that was approved by the European Union on April 14th 2016, and set to come into force on May 25th 2018. It’s one of the most significant and wide-ranging pieces of legislation passed relating to technology and the internet, with new guidelines that are better suited to the modern, technology-dominated world.

The GDPR is primarily designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations approach data privacy. Explicit consent of an individual (data subject) to store and use their personal identifiable data is one of the focus points of the GDPR. The aim is to give control to EU citizens and residents over their personal identifiable data and protect them from privacy and data breaches in an increasingly data-driven world.

One may think that these new regulations are only applicable to businesses that are established within the EU, but this is far from the truth. This new legislation is vastly different than the 1995 legislation with an increased territorial scope, as it applies to all companies that are collecting and processing the personal data of data subjects residing in the European Union, regardless of the company’s location. Meaning to say that even businesses outside of the EU that are offering goods or services to anyone living within the EU will also need to ensure they’re compliant with these new rules, as they could also be subject to hefty fines up to 4% of annual global turnover or €20 Million (whichever is greater).

According to BTP, “even though Sint Maarten is not formally part of the EU or the Single Market, we are part of the “Overseas Countries and Territories (OCT)” with a special relationship with the Netherlands – a full member state of the EU. In addition to this, our island is shared with Saint Martin and they are also part of the EU. Because of our close ties with these EU countries, our dealings with them on a regular basis, and the mere fact that thousands of EU visitors come to our shores on a daily base for both business and pleasure, it’s it advisable for entities established on Sint Maarten (Profit & Non-Profit, Public & Private) to pay keen attention to this new legislation”.

The Director of BTP Mr. Anthony Carty stated: “It’s imperative that we follow suit with both the collection and protection of personal identifiable data of EU citizens and residents. All entities that are not compliant with the GDPR by May 25th 2018 are facing the risk of enormous penalties from the European Authorities. We are therefore urging all businesses on the island, – especially those that are targeting EU markets, or collecting and/ or processing personal identifiable data of EU citizens and residents-, to familiarize themselves with the GDPR, and ensure they are compliant with the new regulation by May 25th 2018. Larger entities are advised to appoint or hire data experts to perform assessments, and revisit company procedures”.

More information to be found on: https://www.eugdpr.org/

Any further questions or queries can be addressed to Bureau Telecommunications and Post St. Maarten: info@sxmregulator.sx