
General Data Protection Regulation (GDPR) Compliance


GDPR Compliance

The entry into force of the European Union General Data Protection Regulation (the “GDPR”) is almost here. This means that within the next year, every online business, regardless of whether it operates a website, an e-commerce shop, a mobile application or some other form of electronic business, will have to bring its processes into conformity with the new European personal data protection rules.

The upcoming GDPR imposes a wide range of obligations on businesses that process personal data, some of them amended and some of them entirely new.

Before getting into the essence of the obligations of website and mobile application owners, one has to note that from May 2018, every business, regardless of whether it is based in the EU or not, will have to comply with the 99 Articles of the new GDPR if it holds or processes the personal data of even one European citizen.

This means that the EU General Data Protection Regulation will apply to you even if you are a US, Singapore, Israel or Australian business.


NEW GENERAL PERSONAL DATA PROTECTION OBLIGATIONS

Almost every website has a contact form. If you own such a website, this means that you process personal data (the name, e-mail address, etc. entered through that contact form) and that you are a controller within the meaning of the GDPR.

A data controller must be able to demonstrate that the processing it performs or has been performing is compliant with the GDPR. This means that if your business is subject to an audit, you need to prove that your processing is in line with the new rules (the principle of accountability). To do that, every business needs to implement a code of conduct or another kind of certification mechanism.

Other important obligations of controllers are the “privacy by design” and “privacy by default” concepts. What “privacy by design” requires is that the purposes, means and aims of the processing are established and outlined prior to commencement of the processing (in the planning phase of the processing activities).

In addition, “privacy by default” requires that controllers implement “appropriate technical and organizational measures” in order to guarantee that, by default, only personal data which is necessary for a specific purpose is processed. In other words, the data collected and processed should not be excessive and should not be stored for longer than is necessary for the given purposes.

As noted above, the GDPR also applies to companies established outside the EU; such companies would have the obligation, as controllers, to appoint a representative established within the EU.

Controllers would also have to keep a detailed record of their data processing operations. It must be made available to the supervisory Data Protection Authorities (DPAs) upon request.

Online businesses will also have to appoint a data protection officer (DPO) if their data processing involves “regular and systematic monitoring of data subjects on a large scale” or where the business conducts large-scale processing of “special categories of personal data”.

In case you are not sure whether this applies to you, we will be happy to consult you on the need to appoint a DPO for your business.


NEW SPECIFIC OBLIGATIONS

As already mentioned, every business needs to set up appropriate technical and organizational measures in order to secure the personal data of its clients, users and customers. This may include different types of pseudonymisation or data encryption.

Another duty imposed on controllers is the “personal data breach” notification obligation. Businesses need to send a notification to the “competent” supervisory authority in case of a security breach (meaning a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed). Notice must be provided “without undue delay and, where feasible, not later than 72 hours after having become aware of it.”

There are also a number of obligations related to “high risk” data processing. Those will not be examined in depth here, as online businesses are rarely involved in such types of data processing. We are nevertheless prepared to advise you on whether your processing activities include such kinds of data.

PENALTIES AND FINES

As previously discussed, non-compliance with the GDPR may be disastrous. Fines for a business can reach €20,000,000 or 4 % of the annual worldwide turnover for the preceding financial year of the entire undertaking (including parent and related companies).

Because of that, online businesses need to treat bringing their operations in line with the GDPR as an important project and not leave it for the last moment, as it will call for considerable effort.

HOW TO COMPLY WITH THE GDPR

The first step towards GDPR compliance is determining whether you deal with the data of EU citizens.

If your online platform, whether it is a website, mobile app or desktop application, collects the personal information of even a single EU citizen, you need to comply with the General Data Protection Regulation.

The most notable step towards GDPR compliance is having a proper Privacy Policy. You can use our online Privacy Policy Generator to obtain a GDPR compliant Privacy Policy in less than 5 minutes.

Once you have obtained a GDPR compliant Privacy Policy, you need to make sure that your users are properly giving their consent to it. You need to use the clickwrap method, which essentially means that users need to tick a box that is not pre-ticked to indicate that they consent to your Privacy Policy. In other words, users need to click on an “I Agree” button.

Have a look at Facebook’s home page, and how they have done it.

Facebook GDPR Compliant Privacy Policy

And here is an example of a GDPR compliant mobile app. Netflix summarizes it perfectly.

Netflix Mobile App GDPR Compliance Privacy Policy

Furthermore, you need to make sure that you have a Data Protection Officer, that is, the person within your organisation responsible for GDPR and data protection compliance. The DPO will be responsible for enacting the measures and policies ensuring your compliance with the General Data Protection Regulation.

Lege Nova is prepared to help you during the entire process of bringing your business into compliance with the new personal data protection obligations. This will include everything, from drafting an EU GDPR compliant Privacy Policy, through implementing codes of conduct or certification mechanisms, to advising and educating you on how to conform with the GDPR and avoid disputes, fines and penalties.

DISCLAIMER: Lege Nova does not act as your lawyer or attorney, and is not to be a substitute for an advice from a lawyer or an attorney. Lege Nova is not a law firm. The policies and information provided by and through the Lege Nova website should not be considered legal advice. All information, software, services, and comments provided on the website are for informational and self-help purposes only and are not intended to be a substitute for professional legal advice.

© 2019 Lege Nova Ltd.