New EU/EEA data protection legislation

Dear Member of FIT Europe,

The new EU legislation, the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) comes into effect on 25 May 2018 (see

The GDPR regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU. It applies to all Member States of the EU and the EEA countries Iceland, Liechtenstein and Norway.

Regardless of whether you are based in an EEA state or not, if your company or organisation processes, stores or transmits personal data that belong to EU residents then they will almost certainly be required to comply with the GDPR.

The GDPR does not apply to the processing of personal data of deceased persons or of legal entities.

The GDPR represents an “evolution” of rights and obligations. However, the administrative compliance burden may be considerable and the sanctions for non-compliance are onerous.

We would recommend that you remind your governing board/committee and also your association members, be they individuals or companies, to check if the GDPR applies to them and if they are required to be compliant.

There are no doubt a number of websites and courses available specifically in your own country that will provide the necessary information for your members in the relevant language(s).

The following is an example of a (free) course available on this subject, developed by the University of Groningen in the Netherlands:

Kind regards,

Dr. Annette Schiller
Chairperson FIT Europe