Do I need to comply with GDPR?

05 Jun Do I need to comply with GDPR?

Answer: Probably.


GDPR is an expansive regulation that will be applied internationally (not just the EU). It is not exclusively dependent on where you do business or who you do business with but the activities that you do. This regulation applies to:


(1) A company or entity that processes personal data as part of its activities at one of his branches in the EU.

(2) A company established outside the EU which offers good or service (paid or free) or is monitoring the behavior of individuals in the EU.

(3) All companies processing and holding personal data of residents of the EU, regardless of the company’s location.


What is Personal Data?


The processing of personal data is now any information that relates to an identifiable living person. Obvious examples would be:

  • A name and surname

  • Home address

  • Email address

  • Date of birth


So if your site has enquiry forms and/or email sign-ups for instance, these elements will now need to compliant with the new regulation.


But it also includes (this list is not exhaustive):


  • Cookies

  • IP addresses

  • Locations

  • Health and genetic data

  • Political opinions

  • Sexual orientation


So if you can track someone via their IP address, you now need to disclose this and the visitor will need to have an affirmative acceptance.


When processing and securing this data, someone’s name and address needs to be as transparently disclosed and treated with the same care and diligence as a cookie or IP address.


No Data is grandfathered in:


Any data that you have collected from pre-GDPR expansion needs to now meet the new criteria. IE, if you have mailing lists that do not meet GDPR protocol, to use them would now be in breach of the regulation.

The Zeitgeist of GDPR is transparency and fairness, business need to now disclose clearly what they do, and how it will impact the visitor. It is the obligation of the organization to:

  • Map and classify all personal data.

  • Perform risk assessments

  • Hire dedicate data protection officers

  • Monitor compliance

  • Document every activity around data

  • Document everything you need to ensure legal compliance.

If you would like us to assess your business for GDPR, contact Aware today. We have an article on business impacts here.