About General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) is the European Union data protection law. It explains a business’ responsibility in relation to the personal data they collect and store and governs the processes businesses use for managing that personal data.

Who is affected

GDPR affects all businesses (including sole traders) who hold or process the personal data of people in EU Member States. There are potential fines of up to 4% annual global turnover or €20m, whichever is greater, for businesses that do not comply.

North American companies that do not do business with any of the twenty-eight EU member states must still consider the impact of GDPR. For example, content on the company web site should be reviewed for compliance. Particularly if the web site markets products or services to a global audience or if the content is localized for markets in any of the EU member states. Some typical North American industries who may be impacted by GDPR are e-commerce, travel, and hospitality.

How we manage GDPR

Sage has robust governance procedures in place to manage the implementation of GDPR. This includes a Data Governance Committee, which is comprised of stakeholders from all Sage business areas to ensure that we are prepared for GDPR.

Want to learn more?

Visit the GDPR page on our website to learn everything you need to know about GDPR.