You may have noticed a ton of privacy policy emails or TV commercials lately from companies like Facebook or your local TV station being sent or shown to you which started at the end of May 2018. It’s because of GDPR or General Data Protection Regulation.

What Is GDPR?

GDPR has been made by the European Union (EU) to protect EU citizens’ right to their data privacy. GDPR ensures that EU citizens’ data are theirs.

It’s a new rule in the European Union (EU) which is mainly having companies comply how they are to treat users’ personal data.


“The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”

I have used EU citizen however it is still unclear if GDPR applies to EU citizens, EU residents or both. Peerlyst has an article that explains this in details:

GDPR: EU Citizen vs. EU Resident vs. Data Subject

What Consists of Personal Data?

Personal data are data including online data that can be used to identify you.

When asked, companies need to justify why they are collecting users’ data. If you own a business that does not need to collect the physical address of users, you would be questioned why you’re asking and keeping it.

“The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.”

GDPR on iphone

Who Does GDPR Apply To?

Regardless of where you are, GDPR applies to everyone who offers products, services or has customers that are part of EU countries.

When would GDPR exactly take effect?

GDPR took effect last May 25, 2018.

Companies need to explain why they need users data and what they’re going to do with it. With GDPR, EU residents now have the right to request their data from companies. If they want to delete it, the company has to honor the requests unless they want to violate GDPR.

If the company does not respond within 30 days of the request, the company in violation will face a penalty.

Penalties covered 4% of the company’s global revenue or 20 million euro, whichever is higher.

It has been said that the May 25th deadline is like a soft opening and even at the end of 2018, a lot of companies would still be in violation of GDPR.

Tips On How To Be GDPR Compliant

Data Organization

Make sure that all your data are stored in an organized fashion. If ever you’re asked about information about anyone, you can quickly retrieve all of it.

Data Security

If you’re storing your users’ data digitally, make sure that it’s secured. Whether it’s on the cloud or you have a computerized system, security is king. Password protection, anti-viruses, and information control. If physically stored, store it in a room where only you and people you trust have access to it.

Keep Only Data That You Need

Do not keep data that you do not need. You have to make sure that you need those particular data for your business and not just because it might come in handy later on. You are to justify this.

Rewrite Your Privacy Policy

Rewrite it in compliance to GDPR with these in mind, what information is being collected? How and why is it being collected and what it’s going to be used for?

Provide Or Delete Information In A Timely Manner

If you have the first two tips, this should not be a problem. Remember that you have only 1 month to provide information if asked about a user’s data if asked. Same with deleting data. You must have a system of how this can be done.

GDPR Awareness

You and the rest of your company must be aware of and informed about GDPR. You could appoint a Data Protection Officer (DPO) that would be responsible for enforcing GDPR across the whole company.

Note that this is our understanding of GDPR and how we interpret the newly passed EU law.

GDPR FAQ’s can be found here: 

Posts You May Also Like

Leave a Reply

Close Menu