Non-EU based organisations.
All organisations that process personal data of EU citizens must comply with the GDPR, even when not operating in EU soil.
Archives: FAQs
Organisations operating outside the EU and employing EU citizens.
Organisations operating outside the European Union, but employing EU citizens, must comply with the GDPR requirements. This means that the EU citizens can exercise their rights according to the GDPR, even if the company does
If the company is based outside the European Union do we need to comply with the GDPR?
Yes, any company who is processing personal data of the EU citizens, must comply with the General Data Protection Regulation.
How does the GDPR differ from the previous Directive?
GDPR is a regulation, which means that the regulation will come into force as such. Therefore, regulations have binding legal effect in every member state. Directive on the other hand means that the member states
What is Data Protection Impact Assessment (DPIA)?
If the data processing and the collected data may result in a high risk of the rights and freedom of natural persons companies need to evaluate how their processing model may affect natural persons and
Do I need a Data Protection Officer (DPO)?
Companies need to appoint a Data Protection Officer (DPO) if the company is a public authority, carries out personal data processing on a large scale regularly and systematically, engages in large scale processing of sensitive
What do I have to do in case of data breach?
In case of a data breach, you need to inform the supervisory authority within 72 hours when the breach was found. The notification has to consist of information what was stolen or lost, how the
What are processors and how to handle them?
Any company (or person) who deals with personal data on behalf of you is called a Processor (in GDPR language). Examples of processors include marketing companies, accountants, payment and delivery service providers, IT /cloud providers
Right to Data Portability – what does it mean?
Right to Data portability for person means possibility to obtain his personal Data from one service provider and reuse it at another for his own purposes in easy and safe way. It allows to get
Right to be Forgotten
Right to be forgotten is individual’s (data subject’s) right to demand companies to erase or anonymise their personal data (this is called “right to be forgotten” or “right for erasure” in GDPR terms). According to
