
Got EU citizens on your email list? What you need to know about GDPR:

Published May 25, 2017. Updated July 20th, 2022.

In 2012, the European Commission initiated an updated data protection regulation, aimed at harmonizing data privacy laws across Europe. In 2016, the EU General Data Protection Regulation (GDPR) was passed and adopted by the Council of the European Union as well as the European Parliament.

Following a two-year post-adoption grace period, this regulation will be enforced starting May 25, 2018, with heavy fines imposed on violators.

With this blog post, I’d like to give you an overview of what this means for your business and how you can protect yourself from facing fines of up to 4% of your annual global turnover or €20 million (whichever is greater).


Territorial Scope

The GDPR will apply to all companies that collect, hold, and/or process personal data of EU residents, regardless of the company’s location.

For companies in the UK that only market to UK citizens, the GDPR might not apply post-Brexit. However, the UK Government has hinted that it will implement an equivalent or alternative legal mechanism.


Consent

Long and convoluted terms and conditions full of legalese might now need an overhaul. Under the GDPR, the request for consent must be clear and phrased in plain language. Furthermore, it must be as easy to withdraw consent as it is to give it.


Breach Notification

Under the GDPR, breach notifications will become mandatory and must be carried out within 72 hours of first having become aware of the breach.


Right to Access

Users have the right to obtain confirmation as to whether or not personal data concerning them is being processed, by whom, where, and for what purpose. In addition, after proving their identity, they shall be provided an electronic copy of that personal data, free of charge.


Right to be Forgotten

Users can ask to have their personal data erased. They also have the right to stop further analysis or processing of that data.


Penalties

Organizations that do not adhere to the GDPR open themselves up to fines of up to 4% of annual global revenue or €20 million (whichever is greater).