Now, it comes into force on the 25th of May 2018. If you are outside the EU but you hold personal data on anyone in the EU, whether customers, prospects, employees or suppliers, then you need to comply, because the regulation protects the data of people within Europe regardless of where the organisation holding it is based. So that is what you have to do.
Fines can reach €20 million or 4% of your worldwide annual turnover for the preceding financial year, whichever is higher. It sounds as if the policy targets the big corporations, but smaller businesses also face reputational damage for not complying. And with all eyes on the commercial use of personal data right now, staying compliant with the current law will only help you as new rules and regulations are developed.
Even if you are a VA (virtual assistant), if you are processing data (for example, an email list) on behalf of a customer in the EU, or the list contains information about EU residents, you have to be GDPR compliant. Your customer is the data controller and you are a processor, and a controller may only use processors that give sufficient guarantees of compliance and must have a written processing contract in place. Otherwise, legally they are not allowed to use you anymore.
If you have the Facebook pixel installed on your website or landing page, you have to make that clear to your online visitors. Take the Formula One website as an example: they notify you upfront that cookies are in place and state that continuing to browse the site gives consent for cookies to be used. https://www.formula1.com/ One caveat: under the GDPR, consent has to be a clear affirmative action (Recital 32 says silence, pre-ticked boxes or inactivity do not count), so a notice that treats continued browsing as consent for tracking cookies such as the pixel does not by itself meet that standard. The safer approach is to hold off loading the pixel until the visitor has actively opted in.