Who does the data protection law apply to?
The GDPR applies to a company, or entity, which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.
If your company is a small and medium-sized enterprise (‘SME’) that processes personal data as described above you have to comply with the GDPR. However, if processing personal data isn’t a core part of your business and your activity doesn’t create risks for individuals, then some obligations of the GDPR will not apply to you (for example the appointment of a Data Protection Officer (‘DPO’)). Note that ‘core activities’ should include activities where the processing of data forms an inextricable part of the controller’s or processor’s activities.
When the regulation applies
Your company is a small, tertiary education company operating online with an establishment based outside the EU. It targets mainly Spanish and Portuguese language universities in the EU. It offers free advice on a number of university courses and students require a username and a password to access your online material. Your company provides the said username and password once the students fill out an enrolment form.
When the regulation does not apply
Your company is service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. Provided your company doesn’t specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.
Do the rules apply to SMEs?
General Data Protection Regulation (EU) 2016/679
The European Union has had data privacy rules in place for over twenty years, those rules are set to see some change. Since the 25 May 2018 date of the implementation deadline of the General Data Protection Regulation (EU) 2016/679 (GDPR), all organisations processing personal data need to adapt their business approaches, their operations and their security practices. It’s crucial for every one, in every company, to understand these emerging requirements and how to accommodate them.
This is the very first step in conforming to the GDPR. In our GDPR assessment, we analyze and determine your current situation, also known as AS-IS assessment. During this phase, we also identify any gaps between your situation and the requirements of the GDPR legislation. Based on our assessment, we start from the results of this analysis as a starting point for the GDPR compliance implementation project. We develop with you and specify the measures and a pragmatic action plan adapted to your organization.
Based on our pragmatic action plan, we determine each element to be implemented at each level of the organization, including: governance, legal aspects, processes, communication, human resources and systems. technological infrastructure.
We can help you implement these elements by taking charge of managing your GDPR project.
DPO as a Service
Our DPO as a Service for data protection issues is the service fully GDPR compliance. We take over the role of the Data Protection Officer in your organisation in line with GDPR requirements. We can also assist your internal DPO. Khagan serve as an independent expert inside your organisation.
GDPR & DPO Training
Our GDPR & DPO Training course is for everyone who handles personal data. We provide a broad understanding of the General Data Protection Regulation, or GDPR, EU 2016/679 – which is all about keeping personal data safe and protecting the interests of the people whose data it is.
Clarifications autour du RGPD UE 2016/679 – White Paper5,00€
Verduidelijkingen rondom de GDPR EU 2016/679 – White Paper5,00€
Clarifications around GDPR EU 2016/679 – White Paper5,00€
GDPR Compliance Web Solutions downloadable All-In Silver450,00€
GDPR Compliance Platinum Services All-In10 000,00€
GDPR Compliance Solutions & Services All-In Gold4 000,00€