Those of us who fly airplanes have a mnemonic called GUMPS, which stands for certain tasks you must do to confirm that you’re ready to land. The letters remind pilots to do things like make sure they have fuel flowing to the engine, the landing gear is down, seatbelts fastened and switches in their proper position.
We’re on the final approach to enforcement of Europe’s General Data Protection Regulation, which means that it’s time for your organization to make sure everything is ready for a smooth European landing.
The key to the GDPR is the personal information of EU citizens, so the first step is to confirm whether you’re subject to the GDPR. Here’s how to tell. Do you do any business with citizens of the EU? If you do, do you collect any personal information?
If you collect any personal information involving citizens of the EU, then you’re subject to the GDPR. That means that you must protect that information according to the standards set by the EU. The key is “any” which means that if you run a website open to people in the EU and it collects any identifying information, including their IP address, then you’re covered by the GDPR.