Add file


Lawsuits and fines will bring down your business if you process customers' personal data without consent. If you don't want to lose €20 million or more, learn how to mitigate GDPR-related risks. FreshCode offers a step-by-step compliance plan.
"When it comes to data protection, small businesses tend to be less well prepared. They have less to invest in getting it right. They don't have compliance teams or data protection officers.
But small organisations often process a lot of personal data, and the reputation and liability risks are just as real."
Elizabeth Denham, UK Information Commissioner

What Is GDPR?

European Council and the European Parliament passed the General Data Protection Regulation on April 27, 2016. GDPR was an attempt to bring existing data protection legislation up to date, as the law hadn't changed since 1998. Businesses got a two-year-long grace period to meet the new requirements
businesses are EU-based
May 25, 2018
GDPR became effective
508 million
the population of the EU

What Makes GDPR Different?

GDPR broadens the scope of Internet users' rights and prevents the abuse of their personal information by businesses. New rules apply across all EU states and overrule local regulations, setting standards for local data protection regulation institutions to follow.

GDPR Benefits

Protect EU citizens' personal data from leaks and abuse by businesses
Establish industry-standard practices for companies handling customer data
Develop clear regulations for national data protection regulators to follow
Provide EU citizens with control over companies processing their personal data

Does GDPR Apply to Your Business?

All businesses in and outside of the EU fall under GDPR if their customers are EU citizens.

What Does GDPR Mean for Your Business?

User consent becomes paramount. A single opt-in checkbox is no longer enough to collect, store, and process customer data. You need explicit permission for every data manipulation.
Broader user rights require new features. Customers can request you to edit, transfer, or delete their data. Your business needs new systems to field such queries quickly and efficiently.
Data management records expand. Your documentation should include user consent records and security safeguards in place, as well as the ways personal data is used.
Security breaches must be addressed in under 72 hours. To prevent legal repercussions, you need an automated security system to report data leaks to the national regulator or the users.

User Rights and Business Responsibilities under GDPR

Explicit Consent
Businesses must present data collection agreement in plain language.
Users have the right to know what data businesses collect and how they process it.
The Right to Be Forgotten
Online users can withdraw consent and request their data to be deleted.
Data Portability
Businesses must provide users with the means to transfer personal data to other systems.

What Data Falls under GDPR?

Biometric data
Location data
Financial data
IP adress
Genetic data
Health info

Risks of GDPR Non-compliance

Up to €20 million or 4% of annual global turnover in fines
Lawsuit settlements for the wrongful collection or processing of customer data
Business losses and reputational hits in the face of fines and compensations

5 Steps to GDPR Compliance

Update consent notices
Edit and simplify data collection consent notices and inform your customers of the changes pertaining to their online privacy.
Structure customer data
Embrace careful data management to speed up responses to subject data requests (SARs).
Document data policy
Develop internal and customer-facing documentation on why, how, and what data you collect and use.

Eliminate unused data
Free up business resources and cover your bases by deleting customers' personal information you don't use.
Develop with privacy in mind
Reconsider existing products and incorporate privacy by design into all new projects to prevent security risks and breaches.

Has any company been fined under GDPR?

GDPR in detail

Take care on your clients' privacy