logo aftership

Pricing

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a data privacy and security law agreed upon by the European Parliament and Council in April 2016 regarding how businesses handle customer data. The legal framework outlines guidelines for companies to process and collect personal information online from individuals who live in the European Union (EU). GDPR is the most prudent data protection law in the world. Businesses that fail to adhere to its privacy and security standards are levied harsh fines and strict penalties of up to tens of millions of euros by the GDPR.

The primary objective behind setting up GDPR by the EU is to harmonize digital privacy laws across all its member countries and provide consistent protection of consumer and personal data across all EU nations. In other words, the law must be heeded by all the websites irrespective of their origin if they are attracting European visitors (even when they don’t specifically market goods and services to the EU residents). The law also mandates that organizations that collect personal customer information do so responsibly and protect it against "unauthorized or unlawful processing, and against accidental loss, destruction or damage."

Under GDPR, the organizations have to meet at least one of the following key privacy and data protection requirements to legally process any person's personally identifiable information (PII).

  • Take customer’s consent before collecting and processing their personal information
  • Notify customers in the event of a data breach
  • Hire a data processing officer (DPO) for data governance and compliance with GDPR
  • Make sure the data collected is accurate and up-to-date
  • Companies should process data in a manner to ensure appropriate security, integrity, and confidentiality
  • Data collection should be fair, lawful, and transparent with the specified purpose
  • Companies should collect as much data as required for a specific purpose
  • Data should be processed only for specified and legitimate purposes and should not be incompatible with those purposes

Subscribe the updates