

Did you know that collecting personal data without consent can lead to heavy fines? Penalties reach €20 million.
We will tell you how to avoid these penalties.
Get more information in the step-by-step plan.

"When it comes to data protection, small businesses tend to be less well prepared. They have less to invest in getting it right. They don't have compliance teams or data protection officers.
But small organisations often process a lot of personal data, and the reputation and liability risks are just as real."
Elizabeth Denham, UK Information Commissioner

What is the GDPR 2018?

The General Data Protection Regulation (GDPR) was adopted by the European Council and the European Parliament on April 27, 2016. It was the most significant change in European data protection laws since 1998. The authorities provided businesses with a two-year preparation period.
of the global economy are represented by EU companies
25th May: GDPR came into force
508 million people are living in the EU

What is the purpose of GDPR?

The goal of GDPR is to protect individuals' personal information and broaden their rights. The new regulation aims to equalize the data protection laws of EU countries and create a single reference point for national data protection agencies and regulators.

GDPR goals

Protect European citizens' private electronic information
Change the way organizations approach data privacy
Give more power to regulatory bodies to take action against organizations
Simplify and unify the regulatory environment within the European Union (EU)

Who must comply with the GDPR?

The new regime of fines applies to any business outside the EU that provides goods and services to EU citizens, monitors their behavior or deals with personal data.

What are the GDPR requirements?

User consent gets trickier. Your business should have a lawful reason to get and store personal data. You should also receive separate permissions for every data processing move you plan.
Data subjects' rights become broader. Ensure the functionality to erase user data or transfer it to other services upon request. Users may also request corrections and detailed information on the ways their information is used.
Data processing documentation is necessary. Your company will need to keep detailed records of the time the user consent was obtained, its wording, the safety procedures in place and reports on all processing activities.
Data breaches must be reported within 72 hours. You will need to monitor data security and communicate even minor violations to the national data protection regulator or the user.

Individual's rights under the GDPR

Explicit Consent
Consent is informed in "clear and plain language". Consent to collect can be withdrawn at any time.
Individuals have the right to know why, how and what personal data is being collected and how it is processed.
The Right to Be Forgotten
The right to withdraw consent and request data deletion.
Data Portability
The right to transfer personal data from one electronic system to another.

What personal data does the GDPR protect?

Biometric data
Location data
Financial data
IP address

GDPR non-compliance penalties

Fines of up to 4% of annual global revenue or €20 million, whichever is greater
Personal data breaches must be reported to the supervisory authority and individuals within 72 hours of first becoming aware of them

5 steps to become GDPR friendly

Organize the collected data
Good data management will help you give a quick and clear answer to subject access requests (SARs).
Be mindful about database security
GDPR compliance means that privacy by design is obligatory. The cybersecurity of private information should be designed into the entire application.
Create a documented data policy
GDPR requirements include the necessity of explaining why, how and what personal details are used, and for what period of time.

Get rid of unnecessary personal details
Customers should be sure that you delete their personal information after the cooperation ends.
Build marketing strategy on consent
Clear, freely given consent is a must for collecting any sort of information that can identify an EU resident. Privacy policies and their changes should be written in plain language and be accessible to users.

Has any company been fined under GDPR?

GDPR in detail

Take care of your clients' privacy