Overview of the new data protection law
What's it all about?
The new General Data Protection Regulation (short. GDPR) defines, how companies handle and process personalised data. The new law aims to professionalize how companies handle the data protection of EU citizens.
Who is affected by the GDPR?
Everyone, who is collecting and processing personalised data, no matter whether it's a company, society or authority.
What is personalised data?
Personalised data is data that refers to a (theoretically identifiable) person (e.g. prospective clients, employees, applicants…). Even the IP address is considered as personalised data, since it only requires little effort to identify a person by his or her IP address. This means: As soon as you're using an analysis tool (like Google Analytics) or even if your server only saves access files, you are processing personalised data.
Can I simply ignore this topic?
For sure ;). However, we don't recommend to. Considering sanctions up to 2% (resp. up to 4%) of the annual sales, data protection breaches can become quite costly. So take a deep breath and get to it – once started, implementing the GDPR is not as hard as it might seem.