• Blog

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is Europe’s data privacy law — the first of its kind, and still the world’s most comprehensive piece of privacy legislation.

The General Data Protection Regulation (GDPR) is Europe’s data privacy law — the first of its kind, and still the world’s most comprehensive piece of privacy legislation. To understand how GDPR (it’s usually called just “GDPR,” not “the GDPR”) came to be, you can check out the quick explainer video below:

 

Does GDPR apply to my business?

If you’re a European business, the answer is yes. Even if your business isn’t based in Europe, it handles the personal data of EU citizens, so the answer is probably yes, too.

There are two specific groups who are subject to GDPR:

  • Data Controllers: the person or business who determines the purposes for which personal data is processed.
  • Data Processors: anyone who processes personal data on behalf of the data controller.

What are the key concepts to know in GDPR?

As the first law of its kind, GDPR laid out some concepts that are crucial to understanding the world of data privacy regulation in general. Some are used in other laws around the world. Others are GDPR only.

  • Lawful Bases: GDPR says that any time you collect user data, you must have a legal basis to do so. There are six legally valid reasons to collect data.
  • Data Subject Rights: GDPR also articulated a set of data rights, many of which have been adopted in other privacy laws all over the world. Understanding the set of rights that data subjects posses is crucial to understanding GDPR.

What are the basics of GDPR compliance?

Wrapping your head around the full scope of GDPR compliance can be a challenge. There are many different elements of business operations to consider and lots of detail around each GDPR requirement. It’s best to start with an understanding of the basics and map out a compliance plan from there. See the checklist below for a simple guide to help guide your GDPR planning:

Get familiar with data subject rights.

Under GDPR, subjects have a set of rights that businesses must be able to facilitate. Ensure your procedures and policies can deliver.

Conduct an audit to discover the data you have.

Mapping your data is an essential first step to complying with any modern data privacy legislation. GDPR is no exception.

Appoint a data protection officer.

A DPO is a vital, centralized point of privacy authority in a business. Designating a DPO puts you on the fast track to streamlining your privacy operation.

Understand the nature of GDPR consent.

Consent is at the heart of GDPR. It must be “freely-given, specific, and unambiguous.” It must also be easy for subjects to withdraw consent at any time.

Can I get in trouble for violating GDPR requirements?

Yes, you can. Enforcement of GDPR is one of the major trends that privacy observers are watching. When GDPR came into effect in 2018, fines started slowly. Regulators gave businesses some time to get used to the new law, but fines have been climbing higher as the GDPR reaches maturity.

In the last year, regulators have levied a fine of $50 million on Google and announced intent to fine British Airways a whopping $183 million for a data breach. While these amounts are eye-watering, they’re not the key concern for most businesses. Instead, it’s the total number of fines issued — over 200 to date.

Conclusions

GDPR affects every business differently. If you’re a smaller business that mostly handles US consumer data, GDPR is something to be aware of and measure yourself against. As businesses move up in scale, the importance of GDPR and the risks posed by getting data privacy wrong increase significantly.

There are many companies out there, including Ethyca, that offer GDPR solutions for companies of all shapes and sizes. With thoughtful planning and adequate caution, GDPR is nothing to be afraid of.

  • Ethyca announces fundraise, doubles annual revenue with new enterprise clients, and reveals new brand.

    Read More
  • Today we’re announcing faster and more powerful Data Privacy and AI Governance support

    Read More
  • See new feature releases enhancing user experience, adding new integrations and support for IAB GPP

    Read More
  • Learn more about the privacy and data governance enhancements in Fides 2.27 here.

    Read More
  • Read Ethyca’s CEO Cillian Kieran describe why and how an open data governance ontology enables companies to comply with data privacy regulations and frameworks.

    Read More
  • Ethyca sponsored the Unpacking Privacy Engineering for Lawyers webinar for the Interactive Advertising Bureau (IAB) on December 14, 2023. Our CEO Cillian Kieran moderated the event and ran a practical discussion about how lawyers and engineers can work together to solve the technical challenges of privacy compliance. Read a summary of the webinar here.

    Read More

Ready to get started?

Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!

Speak with Us

Sign up to our Newsletter

Stay informed with the latest in privacy compliance. Get expert insights, updates on evolving regulations, and tips on automating data protection with Ethyca’s trusted solutions.