Short answer: GDPR is the EU’s data protection regulation that sets rules for how businesses and organisations collect, use, and store personal data. Its main goal is to protect individuals’ rights and privacy – and it applies to any company that processes personal data about people in the EU. To stay compliant, you need a valid legal basis for processing, strong data security, and proper documentation.

What does GDPR stand for?

GDPR stands for General Data Protection Regulation.

When did GDPR come into effect?

The General Data Protection Regulation, or GDPR, came into effect on 25 May 2018 and replaces the EU’s 1995 Data Protection Directive.

Did you know that GDPR violations can result in fines of up to 20 million euros or 4% of the company's global annual turnover, whichever is higher?

- European Commission

What is GDPR?

GDPR is an EU regulation on data protection for all persons in the EU. It is thus a central regulation within international data legislation, which applies to companies that process personal data from EU citizens inside and outside the EU. It doesn’t matter where the companies are physically located: If you as a company handle data from EU citizens, the company must comply with the GDPR.

GDPR legislation

The GDPR applies to all organisations with EU or national customers and applies to any type of data, including names, addresses, email addresses and IP addresses. EU data protection legislation is set out in the Charter of Fundamental Rights, which was included in the Treaty of Lisbon in 2007. The EU Data Protection Directive of 1995 (Directive 95/46/EC) established a system for the protection of personal data processed by employers and others.

How many GDPR regulations are there?

The GDPR consists of 99 articles, which contain the various rules and regulations regarding the protection of personal data and privacy. These articles cover various topics, such as the processing of personal data, rights of individuals, principles of data processing, responsibilities of data controllers and data processors, as well as sanctions and enforcement mechanisms.

Why is GDPR important?

The purpose of the GDPR is to give EU citizens back control over their personal data. People must (and should) have the right to know what information companies hold about them. From a societal point of view, the GDPR gives people the right to demand insight into what was previously uncharted territory. The regulation gives individuals a number of rights, including the right to know what personal data is collected about them, the right to have that data deleted and the right to object to its processing. Having said that, complying with the GDPR – also known as compliance – can be a substantial undertaking for companies.

Who does GDPR apply to?

As of May 25, 2018, all companies doing business in the EU have had to comply with the GDPR. Since the regulation gives EU citizens more control over their personal data, this means that companies must be able to protect personal data and comply with the GDPR in order to process personal data on EU citizens. The regulation applies to both data controllers and data processors.

How does GDPR affect my business?

The GDPR has a significant impact on your business as it requires all processing of personal data to be carried out in accordance with strict privacy protection rules. This means that your company must be aware of and comply with various GDPR requirements, including obtaining consent from individuals before collecting and using their data, ensuring proper handling and storage of personal data, and implementing appropriate security measures to prevent unauthorised access or leaks.

To meet these requirements, it is crucial to raise awareness of the GDPR among all employees in your company. This can be achieved through extensive training and education covering the basic principles of the GDPR, with a particular focus on handling personal data and protecting privacy. Employees should understand their roles and responsibilities in relation to GDPR compliance, including how to respond to requests for access to personal data, ensure confidentiality of data and report any security breaches.

In addition, your company should implement secure email procedures to protect personal data during communication. This may include encrypting emails, using strong passwords and authentication, and avoiding sending sensitive information through unsecured channels. By raising awareness of the importance of secure email, your business can reduce the risk of data leaks and breaches of the GDPR, while maintaining the trust of customers and stakeholders.

FAQ about GDPR

1. Who does GDPR apply to?
GDPR applies to all companies and organisations that process personal data about individuals in the EU – regardless of whether the company itself is based in the EU or not. This includes small businesses, online stores, and public authorities.

2. What is personal data?
Any information that can identify an individual – such as name, email address, postal address, IP address or cookies that can be linked to a specific user.

3. What are the core principles of GDPR?
Lawfulness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality – as well as accountability.

4. What happens if you fail to comply with GDPR?
Non-compliance can result in fines of up to €20 million or 4% of the organisation’s global annual turnover – whichever is higher. You also risk losing customer trust and facing reputational damage.

What happens if you do not comply with the GDPR?

Failure to comply with the GDPR can have serious consequences for a company. Violation of the GDPR can cost both fines and – perhaps even worse – trust.

Need help with GDPR?

To begin with, you have to accept that the journey to becoming compliant does not end immediately, but is a continuous process. To help you comply with the GDPR, we have prepared a GDPR checklist that divides the process into steps, so that you can take them one at a time. However, there is no escaping the fact that complying with the GDPR involves a lot of manual and time-consuming work. To get help with the heavy lifting, you can take advantage of GDPR software that has been developed for this purpose.

Sebastian Allerelli
Founder & COO at Safe Online

Sebastian is the co-founder and COO of Safe Online, where he focuses on automating processes and developing innovative solutions within data protection and compliance. With a background from Copenhagen Business Academy and experience within identity and access management, he has a keen understanding of GDPR and data security. As a writer on Safe Online's Knowledge Hub, Sebastian shares his expertise through practical advice and in-depth analysis that help companies navigate the complex GDPR landscape. His posts combine technical insight with business understanding and provide concrete solutions for effective compliance.