Companies and businesses rely more and more on processing their clients’ data, which is why every company and business must be aware of the latest development in data protection law: the General Data Protection Regulation (the ‘GDPR’).
The GDPR:
- Establishes new rights for data subjects (such as the right to be forgotten), and new obligations for data processors and controllers,
- Protects personal data and sensitive data (including geometric and biometric data),
- Applies to all operations collecting personal data from individuals who are within the Member States, whether the controllers/processors are based in the EU or not,
- Imposes hefty fines and penalties for non-compliance with this regulation, with the highest possible fine reaching €20 million.
The compliance deadline as set in the GDPR is the 25th of May, 2018. This means that all companies and businesses must bring all their policies in line with the GDPR by that date, or face severe fines for non-compliance.
What is contained in the GDPR?
A number of principles are given the utmost importance in the GDPR. Data must be processed lawfully, fairly, and in a completely transparent manner. Purpose and storage must also be limited – only the data needed for a specific purpose should be collected. Any extra data collected is a liability for the company. Furthermore, companies must ensure to the best of their ability that the data collected is accurate.
The GDPR encourages stored data to be as secure as possible, either by using pseudonymisation or by ensuring, as far as possible, that the data is not identifiable. Consent, as a key element of data collection and processing, cannot be obtained through pre-ticked boxes or any default form of consent (such as silence) – the data subject must be fully aware of what he/she is consenting to.
It’s also important to note that the protection of data subjects has been significantly boosted by the inclusion of their rights in the regulation, such as the right to access their personal data easily, quickly, and free of charge, the right to erase their personal data if they wish, and the right of data portability. Those rights, combined with the obligations of data processors, have defined a new era in data protection law.
In complying with the GDPR, companies ensure accountability, security, and confidentiality with their clients, boosting their client relationships as well as their overall reputation. This, apart from the hefty penalties for non-compliance, is why it is of the utmost importance for any business to be as aware as possible of the new rights given to data subjects and of the obligations their company will have to adhere to.
Speak to us! If you require further information with regard to the General Data Protection Regulation, please send us an email at email@example.com