{"id":50089,"date":"2019-04-01T00:00:00","date_gmt":"2019-04-01T00:00:00","guid":{"rendered":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/"},"modified":"2022-04-12T00:02:30","modified_gmt":"2022-04-12T00:02:30","slug":"gdpr-do-you-know-if-your-organization-needs-to-comply","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826","title":{"rendered":"GDPR: Do You Know if Your Organization Needs to Comply?"},"content":{"rendered":"<p>Many have heard tidbits about the acronym &ldquo;<a href=\"\/definition\/32263\/general-data-protection-regulation-gdpr\" target=\"_blank\">GDPR<\/a>,&rdquo; but do not understand the regulation or feel that it doesn&rsquo;t apply to their organization since it is a European Union law. Surprisingly, even without locations or affiliations in the EU, companies here in the United States may be subject to hefty fines for noncompliance.<\/p>\n<p>In addition to the risk of damaging reputation, noncompliance with the GDPR may have significant financial consequences. Data protection supervisory authorities may impose administrative fines of up to &euro;20 million or 4 percent of the total global turnover. This should cause concern and make GDPR compliance the utmost importance for organizational leadership. (Not complying with the GDPR can also make you a target for cybercrime. Learn more in <a href=\"\/how-cybercriminals-use-gdpr-as-leverage-to-extort-companies\/2\/33705\" target=\"_blank\">How Cybercriminals Use GDPR as Leverage to Extort Companies<\/a>.)<\/p>\n<h2><span id=\"where_does_it_apply_and_what_is_the_impact\">Where does it apply and what is the impact?<\/span><\/h2>\n<p>The General Data Protection Regulation (GDPR), put into place by the European Union on May 25, 2018, is designed to ensure that organizations are adequately protecting the privacy rights of individuals concerning the processing of personal data. It is the most significant change in data privacy in the EU in more than 20 years.<\/p>\n<p>The GDPR applies to all organizations that have an establishment in the EU, but also, it marks a significant expansion of the territorial scope of the EU data protection regime. This extra-territorial reach is triggered if companies meet one or more of the following conditions:<\/p>\n<ul>\n<li>Goods and services are offered to EU citizens\n<\/li>\n<li>The behavior of EU citizens is monitored (e.g., by using <a href=\"\/definition\/7624\/cookie\" target=\"_blank\">cookies<\/a> on <a href=\"\/definition\/5411\/website\" target=\"_blank\">websites<\/a>)\n<\/li>\n<li>Personal data is processed in the context of an establishment (e.g., an affiliate) in the EU<\/li>\n<\/ul>\n<h2><span id=\"how_do_companies_demonstrate_compliance_with_gdpr\">How do companies demonstrate compliance with GDPR?<\/span><\/h2>\n<p>The GDPR sets out seven major principles that all organizations are required to comply with when they process personal data:<\/p>\n<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"0\">\n<tbody>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.56140350877193%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Lawfulness, Fairness, and Transparency<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.43859649122807%\">\n<p>There must be a legal justification for processing personal data and the reason for processing must be transparent to the data subject.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.56140350877193%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Purpose Limitation<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.43859649122807%\">\n<p>Personal data must be collected for specified, explicit and legitimate purposes, and not further processed in a way incompatible with those purposes.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.56140350877193%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Data Minimization<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.43859649122807%\">\n<p>All personal data collected must be limited to what is necessary in connection with the purpose for collecting it.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.56140350877193%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Accuracy<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.43859649122807%\">\n<p>Personal data must be accurate, and where necessary, be kept up to date.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.56140350877193%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Storage Limitation<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.43859649122807%\">\n<p>Personal data must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.56140350877193%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Integrity and Confidentiality<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.43859649122807%\">\n<p>Personal data must be processed in a way that ensures appropriate security of personal data.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.56140350877193%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Accountability<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.43859649122807%\">\n<p>The controller shall be responsible for, and be able to demonstrate, compliance with the principles.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><\/p>\n<p>Accountability is one of the most important new requirements under the GDPR. Accountability means that the organization must show that it can comply with the GDPR. Companies must be able to demonstrate compliance to meet the accountability requirement, which includes:<\/p>\n<ul>\n<li>Appointing a <a href=\"\/definition\/33091\/data-protection-officer-dpo\" target=\"_blank\">data protection officer<\/a> or local representative, where necessary\n<\/li>\n<li>Completing and maintaining records of data processing activities\n<\/li>\n<li>Assessing the appropriate level of <a href=\"\/definition\/26464\/data-security\" target=\"_blank\">data security<\/a> and implementing appropriate technical and organizational security measures\n<\/li>\n<li>Implementing <a href=\"\/definition\/29406\/data-protection\" target=\"_blank\">data protection<\/a> by design and by default and documenting the measures taken; carrying out data protection impact assessments, where necessary<\/li>\n<\/ul>\n<h2><span id=\"itrsquos_about_protecting_the_data_privacy_rights_of_individuals\">It&rsquo;s about protecting the data privacy rights of individuals!<\/span><\/h2>\n<p>The GDPR defines &ldquo;data subjects&rdquo; as &ldquo;identified or identifiable natural person[s].&rdquo; In other words, EU citizens that may be employees, customers, suppliers, or others from whom or about whom companies collect information in connection with business and\/or operations. The GDPR also spells out certain rights for its data subjects:<\/p>\n<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"0\">\n<tbody>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.73684210526316%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Right to Information<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.26315789473684%\">\n<p>Data subjects have the right to be informed about the collection and use of their personal data.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.73684210526316%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Right of Access<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.26315789473684%\">\n<p>If processing personal data of data subjects, they have the right to access this information and obtain a copy.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.73684210526316%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Right of Rectification<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.26315789473684%\">\n<p>Data subjects are entitled to have their personal data rectified if it is inaccurate or incomplete.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.73684210526316%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Right of Erasure<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.26315789473684%\">\n<p>Enables data subjects to request that data is deleted or permanently removed, including from backup systems.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.73684210526316%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Right to Restrict Processing<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.26315789473684%\">\n<p>Data subjects may request that companies restrict the processing of their personal data.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.73684210526316%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Right of Data Portability<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.26315789473684%\">\n<p>Data subjects may submit a request to receive their personal data in a structured, commonly used and machine-readable format or instruct that their personal data is transmitted directly to another data controller.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.73684210526316%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Right to Object<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.26315789473684%\">\n<p>Data subjects have the right to object to processing of their personal data.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.73684210526316%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Automated Decision Making (including profiling)<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.26315789473684%\">\n<p>The purpose of this right is to provide safeguards for data subjects against the risk that a potentially damaging decision is taken without human intervention.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"background-color: rgb(5, 57, 44); text-align: center; vertical-align: middle;\" width=\"34.73684210526316%\">\n<p><strong><span style=\"color: rgb(255, 255, 255);\">Withdrawal of Consent<\/span><\/strong><\/p>\n<\/td>\n<td style=\"background-color: rgb(239, 239, 239);\" valign=\"top\" width=\"65.26315789473684%\">\n<p>Data subjects must be allowed to withdraw any consent given (e.g., consent to receive marketing email, etc.) at any time without penalty.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><\/p>\n<p>Organizations should have procedures in place to respond to data subject requests (DSRs) regarding the rights mentioned above. The legal basis, processing data, or other factors will dictate how your organization responds to a DSR, so it is essential to consult with legal professionals that have expertise regarding the GDPR. (Protecting customer data is paramount in the GDPR. Learn more in <a href=\"\/is-your-customer-data-really-safe-how-it-can-be-exposed\/2\/33471\" target=\"_blank\">Is Your Customer Data Really Safe? How It Can Be Exposed<\/a>.)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many have heard tidbits about the acronym &ldquo;GDPR,&rdquo; but do not understand the regulation or feel that it doesn&rsquo;t apply to their organization since it is a European Union law. Surprisingly, even without locations or affiliations in the EU, companies here in the United States may be subject to hefty fines for noncompliance. In addition [&hellip;]<\/p>\n","protected":false},"author":7795,"featured_media":50090,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_lmt_disableupdate":"","_lmt_disable":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[548,557,592,594],"tags":[],"category_partsoff":[],"class_list":["post-50089","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-data-management","category-identity-access-governance","category-online-privacy"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.8 (Yoast SEO v23.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GDPR: Do You Know if Your Organization Needs to Comply? - Techopedia<\/title>\n<meta name=\"description\" content=\"Many have heard tidbits about the acronym \u201cGDPR,\u201d but do not understand the regulation. Surprisingly, even without locations or affiliations in the EU, companies here in the United States may be subject to hefty fines for noncompliance.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR: Do You Know if Your Organization Needs to Comply?\" \/>\n<meta property=\"og:description\" content=\"Many have heard tidbits about the acronym \u201cGDPR,\u201d but do not understand the regulation. Surprisingly, even without locations or affiliations in the EU, companies here in the United States may be subject to hefty fines for noncompliance.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826\" \/>\n<meta property=\"og:site_name\" content=\"Techopedia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techopedia\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-01T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-12T00:02:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/dreamstime_m_106407448-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1\" \/>\n\t<meta property=\"og:image:height\" content=\"1\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"John Graff\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techopedia\" \/>\n<meta name=\"twitter:site\" content=\"@techopedia\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"John Graff\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826\"},\"author\":{\"name\":\"John Graff\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/8c6f29db82ea48cbed1453b59e5feb64\"},\"headline\":\"GDPR: Do You Know if Your Organization Needs to Comply?\",\"datePublished\":\"2019-04-01T00:00:00+00:00\",\"dateModified\":\"2022-04-12T00:02:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826\"},\"wordCount\":902,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/dreamstime_m_106407448-1.jpg\",\"articleSection\":\"\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826\",\"url\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826\",\"name\":\"GDPR: Do You Know if Your Organization Needs to Comply? - Techopedia\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/dreamstime_m_106407448-1.jpg\",\"datePublished\":\"2019-04-01T00:00:00+00:00\",\"dateModified\":\"2022-04-12T00:02:30+00:00\",\"description\":\"Many have heard tidbits about the acronym \u201cGDPR,\u201d but do not understand the regulation. Surprisingly, even without locations or affiliations in the EU, companies here in the United States may be subject to hefty fines for noncompliance.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#primaryimage\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/dreamstime_m_106407448-1.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/dreamstime_m_106407448-1.jpg\",\"caption\":\"Stanislau V\/Dreamstime.com\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techopedia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data Management\",\"item\":\"https:\/\/www.techopedia.com\/topic\/20\/data-management\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"GDPR: Do You Know if Your Organization Needs to Comply?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techopedia.com\/#website\",\"url\":\"https:\/\/www.techopedia.com\/\",\"name\":\"Techopedia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techopedia.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techopedia.com\/#organization\",\"name\":\"Techopedia\",\"url\":\"https:\/\/www.techopedia.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg\",\"width\":209,\"height\":37,\"caption\":\"Techopedia\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techopedia\/\",\"https:\/\/x.com\/techopedia\",\"https:\/\/www.linkedin.com\/company\/techopedia\/\",\"https:\/\/www.youtube.com\/c\/Techopedia\"],\"publishingPrinciples\":\"https:\/\/www.techopedia.com\/about\/editorial-policy\",\"ownershipFundingInfo\":\"https:\/\/www.techopedia.com\/about\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/8c6f29db82ea48cbed1453b59e5feb64\",\"name\":\"John Graff\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/john-graff-300x300.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/john-graff-300x300.jpg\",\"caption\":\"John Graff\"},\"description\":\"John Graff, PMP, is Practice Director, Business Transformation at Sparkhound, and is an experienced program manager well versed in Project Lifecycle Change Management and Project Management Agile Scrum Methodology. He is a strong leader with outstanding communication and organizational skills, and excels in driving teams to successful solutions through his ability to innovate change with visionary thinking and strategic management. John holds a Bachelor of Science from Southeastern Louisiana University.\",\"sameAs\":[\"http:\/\/www.sparkhound.com\/\"],\"knowsAbout\":[\"Practice Director\",\"Business Transformation at Sparkhound\"],\"url\":\"https:\/\/www.techopedia.com\/contributors\/john-graff\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"GDPR: Do You Know if Your Organization Needs to Comply? - Techopedia","description":"Many have heard tidbits about the acronym \u201cGDPR,\u201d but do not understand the regulation. Surprisingly, even without locations or affiliations in the EU, companies here in the United States may be subject to hefty fines for noncompliance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826","og_locale":"en_US","og_type":"article","og_title":"GDPR: Do You Know if Your Organization Needs to Comply?","og_description":"Many have heard tidbits about the acronym \u201cGDPR,\u201d but do not understand the regulation. Surprisingly, even without locations or affiliations in the EU, companies here in the United States may be subject to hefty fines for noncompliance.","og_url":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826","og_site_name":"Techopedia","article_publisher":"https:\/\/www.facebook.com\/techopedia\/","article_published_time":"2019-04-01T00:00:00+00:00","article_modified_time":"2022-04-12T00:02:30+00:00","og_image":[{"url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/dreamstime_m_106407448-1.jpg","width":1,"height":1,"type":"image\/jpeg"}],"author":"John Graff","twitter_card":"summary_large_image","twitter_creator":"@techopedia","twitter_site":"@techopedia","twitter_misc":{"Written by":"John Graff","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#article","isPartOf":{"@id":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826"},"author":{"name":"John Graff","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/8c6f29db82ea48cbed1453b59e5feb64"},"headline":"GDPR: Do You Know if Your Organization Needs to Comply?","datePublished":"2019-04-01T00:00:00+00:00","dateModified":"2022-04-12T00:02:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826"},"wordCount":902,"commentCount":0,"publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"image":{"@id":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/dreamstime_m_106407448-1.jpg","articleSection":"","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826","url":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826","name":"GDPR: Do You Know if Your Organization Needs to Comply? - Techopedia","isPartOf":{"@id":"https:\/\/www.techopedia.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#primaryimage"},"image":{"@id":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/dreamstime_m_106407448-1.jpg","datePublished":"2019-04-01T00:00:00+00:00","dateModified":"2022-04-12T00:02:30+00:00","description":"Many have heard tidbits about the acronym \u201cGDPR,\u201d but do not understand the regulation. Surprisingly, even without locations or affiliations in the EU, companies here in the United States may be subject to hefty fines for noncompliance.","breadcrumb":{"@id":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#primaryimage","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/dreamstime_m_106407448-1.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/dreamstime_m_106407448-1.jpg","caption":"Stanislau V\/Dreamstime.com"},{"@type":"BreadcrumbList","@id":"https:\/\/www.techopedia.com\/gdpr-do-you-know-if-your-organization-needs-to-comply\/2\/33826#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techopedia.com\/"},{"@type":"ListItem","position":2,"name":"Data Management","item":"https:\/\/www.techopedia.com\/topic\/20\/data-management"},{"@type":"ListItem","position":3,"name":"GDPR: Do You Know if Your Organization Needs to Comply?"}]},{"@type":"WebSite","@id":"https:\/\/www.techopedia.com\/#website","url":"https:\/\/www.techopedia.com\/","name":"Techopedia","description":"","publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techopedia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techopedia.com\/#organization","name":"Techopedia","url":"https:\/\/www.techopedia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg","width":209,"height":37,"caption":"Techopedia"},"image":{"@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techopedia\/","https:\/\/x.com\/techopedia","https:\/\/www.linkedin.com\/company\/techopedia\/","https:\/\/www.youtube.com\/c\/Techopedia"],"publishingPrinciples":"https:\/\/www.techopedia.com\/about\/editorial-policy","ownershipFundingInfo":"https:\/\/www.techopedia.com\/about"},{"@type":"Person","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/8c6f29db82ea48cbed1453b59e5feb64","name":"John Graff","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/john-graff-300x300.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/john-graff-300x300.jpg","caption":"John Graff"},"description":"John Graff, PMP, is Practice Director, Business Transformation at Sparkhound, and is an experienced program manager well versed in Project Lifecycle Change Management and Project Management Agile Scrum Methodology. He is a strong leader with outstanding communication and organizational skills, and excels in driving teams to successful solutions through his ability to innovate change with visionary thinking and strategic management. John holds a Bachelor of Science from Southeastern Louisiana University.","sameAs":["http:\/\/www.sparkhound.com\/"],"knowsAbout":["Practice Director","Business Transformation at Sparkhound"],"url":"https:\/\/www.techopedia.com\/contributors\/john-graff"}]}},"modified_by":null,"_links":{"self":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/50089"}],"collection":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/users\/7795"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/comments?post=50089"}],"version-history":[{"count":0,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/50089\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media\/50090"}],"wp:attachment":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media?parent=50089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/categories?post=50089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/tags?post=50089"},{"taxonomy":"category_partsoff","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/category_partsoff?post=50089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}