GDPR intro

GDPR non legal for small companies

GDPR introduction

GDPR (General Data Protection Regulation) is a regulation in the European Union (EU) and the European Economic Area (EEA) on data privacy. It is enforceable from 25 May 2018.

In simple words: it ensures that personal data is handled with care and respect.

Non-compliance can result in a fine of up to 20 million EUR or 4% of the annual global turnover.

Some key aspects:

  • Personal data can be processed (*) when there is a legal ground, e.g. a sales contract.
  • If there is no legal ground, the person can be asked for consent (freely given, clear and short text). Consent can be withdrawn at any time.
  • Persons have the right to ask what data you have on them.
  • There are forbidden categories of data, such as racial or ethnic origin, political opinion, beliefs, genetic data, data about sex life or sexual orientation, etc.

(*) “Processing”: collecting, recording, storage, structuring, analyzing.

The main aspects to be arranged are:
1. Governance and Accountability
2. Personal Data Inventory and Mapping
4. Third Party Processors
5. Privacy Notices
6. Information Security
7. Data Subject Requests and Complaints
8. Operational Processes and Procedures
9. Breach Management and Response
10. Training and Awareness
11. Privacy By Design and DPIAs
12. Ongoing Conformance



