The EU General Data Protection Regulation (GDPR) has fundamentally changed how businesses handle personal data. Any company that does not follow these rules faces severe fines: up to €20 million or 4% of annual global turnover, whichever is higher, depending on the severity and circumstances of the violation. In other words, GDPR compliance is not optional.
Implementing such a comprehensive reform across a vast sector of the global economy has naturally had some speed bumps. Several large companies, including Google and Facebook, have run afoul of the GDPR. So businesses that have neither the workforce nor the funds nor the expertise of these large multinational corporations are justified in feeling some apprehension about achieving GDPR compliance.
That’s why we’re here. GDPR.eu is meant to alleviate some of those fears. In this article, we’ve compiled all the posts that pertain to GDPR compliance to help you make sure you are on the right track.
If you have specific questions about GDPR compliance, try searching keywords in the full text of the GDPR itself. We’ve created a searchable database of every article and recital. You’ll also find a handy search bar at the top right of every page on this website. This searches the entire site, including the GDPR text and all our articles.
The first place to start is our GDPR compliance checklist. It walks you step-by-step through the main GDPR requirements. It explains what companies must do to meet the new data security, transparency, and privacy rights standards and gives you simple, actionable advice on how to proceed.
While the GDPR is an EU law, it applies to any company that offers goods or services to, or monitors the behaviour of, people located in the EU, regardless of where the company itself is based. This includes US companies. Our GDPR compliance checklist for US companies is meant to complement our general GDPR checklist and clarify what a US company’s responsibilities are under the GDPR.
The impetus behind the GDPR was to give private individuals more control over how their personal data are collected and processed. So while protecting the data you collect is essential to GDPR compliance, empowering your customers to make informed decisions about who processes their data and how is just as important. This guide takes you through the relevant GDPR articles that outline your company’s data privacy responsibilities.
As part of giving private individuals more control over their personal data, the GDPR sometimes (but not always) requires companies to obtain a person’s consent before collecting or processing their data. However, some of the requirements around consent, such as that it must be “freely given,” “specific,” “informed,” and “unambiguous,” or even the term “consent” itself, can be somewhat vague. This guide defines all of these terms so that your company knows what threshold it must meet to be GDPR compliant.
Companies work with all sorts of data, but the GDPR only applies to what it calls “personal data.” Identifying which data are personal data and subject to the GDPR will help your company focus its data protection efforts. Unfortunately, defining precisely what qualifies as personal data can be tricky. So this post outlines the different criteria a business must consider when evaluating whether the information it collects is personal data.
Small businesses cannot always afford to build their own IT or technical solutions for data protection. In many cases, they would be better served by using end-to-end encrypted services that keep data inaccessible to everyone except its owner, including the service provider. We have assembled a list of several GDPR-compliant services that businesses of any size can use for their day-to-day communications and file storage.