Global Data Protection Regulations

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) law comes into effect. GDPR protects European Union data subjects’ fundamental right to privacy and the protection of personal data.

GDPR applies to any company (whether a controller* or a processor*) established in the European Union (“EU”) that processes personal data, regardless of whether the processing actually takes place in the EU or not.  More significantly, the GDPR also applies to companies that are NOT established in the EU if they process the personal data of EU-based individuals for the purpose of:

(a) Offering them goods or services.

(b) Monitoring their behavior within the EU (e.g. social media, online tracking, data analytics).

This law will apply to any organization that meets above criteria, irrespective of where they are located.

The fines for non-compliance could be high, with fines of up to €20 million, or 4 percent of a company’s global revenue.

Boomi’s Commitment to Data Protection
and GDPR Compliance

Read more about Boomi’s data protection commitment.


Compliance with the GDPR will be based on the specific facts of an organization’s business, operations and use of data. This content provides a set of discussion points that may be useful in the development of an organization’s GDPR compliance efforts. It is not intended to be legal advice, guidance or recommendations. An organization should consult with its own legal counsel about what obligations they may or may not need to meet regarding GDPR.