General Data Protection Regulation (GDPR)

What is GDPR?

The General Data Protection Regulation (GDPR) has been enforced since the 25th of May 2018, with the goal of regulating the ways personal data is collected and processed online.

According to the regulation, any website offering services to EU citizens must inform them about the personal data that is being collected. The user must give prior consent before any tracking technologies (e.g. cookies) are used. The user should be able to choose which personal information is gathered, with a simple opt-in function, and have an option to adjust their preferences at any point.

Also, users should have the option to request all the data that was collected about them.

Violating GDPR will cost you a fortune! GDPR fines can get up to €20 million, or 4% of the company's yearly profit, whichever is higher. However, most importantly, violating GDPR is a disregard for basic human rights.

GDPR compliance

In short, here are 8 easy steps to get compliant under GDPR laws:

  1. Provide the details of a data controller.
  1. Share the purposes for collecting personal data and the types of cookies being used.
  1. Provide the legal bases for collecting personal data.
  1. Inform users how long their personal data will be stored.
  1. Inform your users of their legal rights.
  1. Make sure your website uses a valid SSL certificate and safe design platforms.
  1. Inform users in case partial or full personal information is being transferred to third parties such as social media platforms.
  1. Provide all the information and the relevant explanations in a clear, easy, and understandable way.

Check out our GDPR website checklist for more information about getting your website compliant.

What about UK-GDPR?

The UK has officially not been a member of the EU since 1 January, 2021. Although GDPR technically no longer applies to the UK, the UK is subject to the DPA (Data Protection Act) 2018 and UK GDPR. Under EU privacy regulations, the UK is treated as a “third country” as of 31 October, 2019. Depending on the agreement that the UK and the EU negotiate, the “third country” status could change and will be updated accordingly. For now, this definition is significant mostly when discussing the transfer of users' data between countries (GDPR Article 44).

For more information, read our UK-GDPR FAQs.