Monday, 16 April 2018 13:10

GDPR - An Overview (Part 1)

GDPR (General Data Protection Regulation) is nothing new. In its simplest form it is an extension of existing data protection and privacy laws, and if you already comply with those, the work required to become compliant will be much easier.

GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonisation of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover or €20 million, whichever is higher.

The Deadline

The General Data Protection Regulation (GDPR) is a European Union regulation scheduled to go into effect on 25 May 2018.

Coming to fruition after more than four years of deliberation (see timeline), the GDPR aims to standardize and strengthen data protection policies for residents of EU member nations. It replaces the prior Data Protection Directive (95/46/EC) of 1995 and, as a regulation instead of a directive, will apply immediately on the enforcement date without requiring individual transposition into member state legislation.

Does It Affect You?

GDPR affects you if you sell or store personal information on any citizen based within the EU, even if your business is outside the EU. It provides citizens of the EU and EEA with greater control over their personal data and assurances that their information is being securely protected across Europe.

According to the GDPR, personal data is any information related to a person such as a name, a photo, an email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address.

The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What is "Personal Data"?

Personal data can be any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier (Who does the GDPR apply to? [From ICO Website]).

Does My Business Need To Appoint a Data Protection Officer (DPO)?

DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data (Art. 37). If your organization doesn’t fall into one of these categories, then you do not need to appoint a DPO.

What is the difference between a data processor and a data controller?

A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.


Additional Info

Last modified on Sunday, 05 August 2018 06:44
