Skip to Main Content
Main Menu

General Data Protection Regulation (GDPR)

The world’s most comprehensive data privacy and protection law requires organizations to adhere to 7 common principles, provide the ability to exercise the 8 individual rights and demonstrate an on-going commitment to data privacy.

Does the EU GDPR apply to my organization?

The reach of the EU GDPR extends quite broadly and extends outside the EU depending on certain factors. Answering these three questions below can help determine whether your organization is impacted by this regulation and EU GDPR and could incur GPDR fines.

Answering “yes” to any of the three questions below impacts your organization.

Does my company offer goods and services to people in the EU?

Does my company monitor the behavior of individuals in the EU (including via technology such as website trackers)?

Does my company have employees in the EU?

    EU GDPR Requirements for Compliance

    7 principles

    1. Lawfulness, fairness & transparency
    Addresses why an organization needs to process personal data

    2. Purpose limitation
    Addresses what is the intended purpose for processing the personal data

    3. Data minimization
    Process only the required personal data to complete transaction (e.g., postal address required for eCommerce activities)

    4. Accuracy
    Ensure that the personal data is current and accurate

    5. Storage limitation
    Addresses how long this personnel data is retained

    6. Security integrity & confidentiality
    The storage and use of personal data must meet specific security and confidential standards and expectations related to the potential risk of exposure on the personal data

    7. Accountability
    Addresses the specific actions implemented and practice to ensure data privacy principles are upheld across the organization

    8 individual rights

    1. Right to be informed
    Provide individuals with clear information about what an organization does with their personal data.

    2. Right of access
    Individuals may request a copy of the personal data held on them.

    3. Right to rectification
    Provide reasonable steps taken to either confirm that the personal data is correct or to rectify it where necessary

    4. Right to erasure
    When personal data is no longer needed for the intended purpose for collection and when consent is withdrawn for its use

    5. Right to restrict processing
    Restricts use of personal data only in ways which the individual approves.

    6. Right to data portability
    Enables individuals to obtain and reuse their personal data across different services.

    7. Right to object
    The individual’s right to stop or prevent the processing of their personal data at any time.

    8. Rights related to automated decision making including profiling
    The ability to know if automated (non-human involved) decisions are being made that may discriminate, be biased, or inaccurate in whatever is being processed


    Essential guide to the GDPR

    Years after its implementation, enforcement of the General Data Protection Regulation (GDPR) is in full swing and fines are commonly reaching into the millions and billions. To avoid suffering significant losses, small, medium, and large businesses need a plan for GDPR compliance, fast!

    Using the Essential Guide to the GDPR, you can decipher over 200 pages of GDPR legal text into practical implementation steps that minimize risk, ensure compliance, build trust, and protect your brand.


    The information provided does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented are for general informational purposes only.

    Back to Top