GDPR explained in plain language

Is your company already GDPR compliant? Find out now!

8 Jun, 2017 Kirsten Ujvari

You have certainly heard about the new European privacy law, the GDPR, and its restrictions. But what does it mean for you? How do you make sure you get things in order and avoid the huge fines? And, even more important, who can guide you through this process? You will find the answers to these questions and more below, in 5 clear points written to be understood by everyone.

1| What do the new regulations mean?

The purpose of the GDPR is to introduce a new set of rules within the countries of the European Union. These rules focus mainly on the security and management of personal data.

What is being done with this data? How is it secured? And where is it stored? These new rules apply to the data of customers as well as employees.

The legislation consists of 2 parts:

  1. The Regulation, which applies to companies.
  2. The Directive, which applies to government services, police and judicial institutions.

The General Data Protection Regulation (GDPR), or AVG (Algemene Verordening Gegevensbescherming), is a set of rules to protect the data of European citizens.

2| What does that mean for your company?

From May 2018, companies need to be able to demonstrate that the data they collect and store, whether in data centres or in the cloud outside the EU, meets the requirements of the new GDPR legislation.

“The way data is used and stored will therefore dramatically change.”

3| How can I prepare my company?

To prepare your company as well as possible, the Privacy Commission has provided some guidelines:

  • Transparency: companies need to inform citizens how their data is gathered, processed and stored, and they need to do so in an understandable way.
  • Data transfer: citizens will be able to transfer their data from one provider to another, e.g. when changing telecom operators.
  • The right to be forgotten: companies need to be able to erase a person's data when that person asks for it, and, if there is no valid counterargument, also the data that has been shared with third parties.
  • Duty to report data leaks: companies are obliged to report a data breach within 72 hours, unless they can prove that the breach has not endangered the personal information they gathered.

4| What happens to a company that does not comply with this new set of rules?

Companies that do not meet the requirements of this set of rules will receive high fines. The price tag of these fines? They start at 2% of the yearly turnover. If more serious matters are involved, the fine can reach 4% of the yearly turnover.

You had better make sure that the data you gather is correctly managed. Every data breach must be reported within 72 hours, and your company should carry out a serious, clear risk assessment.

5| Do I need to appoint a person responsible within the company?

It is important that you appoint someone responsible for the GDPR legislation. We call this person a DPO, a Data Protection Officer. He or she knows the new set of rules and makes sure it is followed precisely.

Stuart can advise you on these matters and carry out the necessary work. We offer the required courses and reporting, delivered by people with the required knowledge. Trust us to complete this process; and we speak your language. To work out whom you need to make responsible, the authorities have provided certain guidelines to follow:

If you can answer ‘yes’ to one of the following questions, you are obliged to appoint a DPO.

  • Do you process the personal data of more than 5000 data providers a year?
  • Is your organisation a governmental institution (except when carrying out judicial tasks)?
  • Is your core activity the processing of special categories of data, such as data on race, political preference or religious conviction, or data from criminal investigations and criminal offences?
  • Is your core activity the processing of data that requires frequent and systematic observation on a large scale?

You can appoint someone in your company to take up the role of Data Protection Officer or DPO. Their existing responsibilities, however, need to be compatible with the obligations that are part of the DPO's task: he or she cannot serve conflicting interests.

Ready for it?
Make an appointment with one of our experts to check if your company is GDPR compliant!

We will inform you as well as we can, without any obligations or conditions. During a conversation we can provide you with the answers and solutions you need to make your company GDPR compliant.

Contact us now, we will be happy to serve you a nice cup of coffee or tea.
