GDPR (General Data Protection Regulation)

The General Data Protection Regulation (GDPR) is a European Union (EU) regulation for data protection. It applies to businesses’ processing of personal data from people in the EU regions. The regulation pertains to the full data life cycle, from gathering and storage to usage and retention. It is important to note that GDPR applies not only to firms based in the EU, but any organization providing a product or service to residents of the EU – and that in the event of data breaches, GDPR creates the potential for headline-grabbing penalties.

GDPR Terminologies:

Supervisory Authority

Independent public authority designated by each member state to monitor the application

Data Protection Officer

Specialist who is appointed by controller to handle all matters related to protecting personal data


Person or organization designated for processing personal data on behalf of a controller


Person or organization that decides how and why personal data will be processed with a clear definition

Data Subject

Human that can be identified (directly or indirectly) from some data

What Types of Data GDPR Protects


Businesses Affected by GDPR

The regulation applies to all businesses (both within and outside the EU) that offer goods or services or monitor behavior, as long as they conduct automated or partially automated personal data processing for people within the EU.

For organizations that employ fewer than 250 people and do not process sensitive information, certain activities related to data controllers may not apply. GDPR does not apply to the actions of individual consumers.

GDPR Compliance

Organizations that are defined as data processors, even if they are processing data on behalf of a data controller, are accountable for protecting that personal data. These organizations must report data breaches and will be penalized if they are found to be non-compliant

It is critical for organizations to demonstrate that they have consent to process a subject’s data. Subjects must give their consent freely, and any written declarations must use plain language that can be easily understood. The subject can withdraw consent at any time, at which point the company must be able to remove the subject’s data from all its systems. This rule is often referred to as “the right to be forgotten.” For children, data can only be processed with the consent of a parent or legal guardian. Data subjects are also entitled to make subject access requests to organizations that hold their data for free..

Our Methodology for GDPR Compliance

Contact Us

Get in Touch


    Want more information on our services?

    We respect your privacy. Read our policy.