So what is the GDPR and how can you become compliant? We have answered some of your questions below.
What is GDPR?
The General Data Protection Regulation (GDPR) is a set of rules for the collection and processing of the personal data of individuals in the EU, giving them more control over their information.
What are the rules to ensure compliance?
Personal data must be: processed lawfully, fairly and transparently; collected only for specified purposes; relevant and limited to what is necessary; accurate and kept up to date; kept no longer than necessary; and kept secure.
What are the penalties for failing to comply?
The maximum fine is 4% of annual global turnover or €20 million, whichever is higher. Supervisory authorities may also issue warnings, carry out audits or order you to erase data.
Do small businesses have to comply?
If you process personal data, you will have to comply with the GDPR regardless of your size.
Does the GDPR only apply to EU organisations?
The GDPR applies to processing carried out by organisations operating within the EU, as well as those outside the EU that offer goods or services to individuals in the EU.
Can I process data under the GDPR?
Controllers must ensure personal data is processed lawfully, transparently and for a specific purpose. Once the data is no longer needed for that purpose, it should be deleted.
What is an opt-in statement?
Where you rely on consent, silence, pre-ticked boxes and opt-outs no longer count. The individual has to give clear, affirmative opt-in consent for their data to be processed.
Can I still market to my existing customers?
Where personal data is processed for direct marketing, the individual’s right to object must be clearly brought to their attention, and they can object at any time.
Still have questions?
Drop us a line.