Schrems II judgment/ruling (Privacy Shield invalidation) and required steps
Read the latest version here.
GDPR compliance checklist for SaaS, tech and online business
And does the GDPR even apply to you?
You're probably wondering how many hours it will take to comply with the GDPR, the new European data protection and privacy law, applicable to almost every online business (across the world).
In short, if you promote or sell services to people in the EU, you need to comply with the GDPR. Simply promoting your stuff online to EU people (through email list building for example), is enough.
If you're a US company with a target market in California, and you happen to sell something to a dude in Germany once every blue moon, then you probably don't have worry about the GDPR. You got your own laws to worry about, though (CCPA), and GDPR-like laws are sprouting all over the world, so perhaps you might as well do *something* about how you handle personal data.
If you're still unsure, take the ICO's (the UK data protection authority) assessment here: Does data protection law apply to my business?
After spending well over a thousand hours studying and...
Credible GDPR sources (and those you should never trust)
This article is written specifically for small businesses and therefore doesn’t include all aspects of the legislation that may apply to larger businesses and public entities. No information on this website constitute legal advice.
Don't trust everything you read about the GDPR
The GDPR is already a complicated area for many, and most people feel overwhelmed. They’re not sure what to do, in which order, and when it’s good enough – for their kind of business. They’re often also worried about the price of getting help.
Also visit the website of your national data protection authority (DPA). All you need to know about the GDPR, can usually be found there. Free of charge.
Just make sure you know when to get help with the GDPR, what to get help on, and that you do your due diligence on any GDPR "helpers" first.
Here is a list of the members of the...
What is «personal data» (in the GDPR)?
This article is written specifically for small businesses and therefore doesn’t include all aspects of the legislation that may apply to larger businesses and public entities. No information on this website constitute legal advice.
The GDPR applies to the processing of personal data when running a (non or for profit) business, membership, club, association or any type of organization (online or not).
Because of the definitions in the legal text, GDPR applies to nearly all kinds of businesses and organisations, irrespective of size, type, industry or revenue.
Many business owners who believe that GDPR don’t apply to them, are not clear on what personal data is. And, in short, it’s almost anything.
Personal data in the GDPR is more than you think
Personal data as per the GDPR is any kind of information or assessment of an individual, that can be either ...
What is GDPR? The European privacy and data protection law
This article is written specifically for small businesses and therefore doesn’t include all aspects of the legislation that may apply to larger businesses and public entities. No information on this website constitute legal advice.
What is GDPR - in a nutshell?
GDPR is short for the General Data Protection Regulation and it’s a European law about data protection, privacy and basic human rights.
A lot has been written about the GDPR and how to achieve GDPR compliance. My first and most important advice is: Only rely on credible sources. Meaning no random advice from Facebook groups or blog posts from companies that aren't GDPR experts.
The law applies if your business/organization is based in the EEA (the 27 EU member countries + the three EEA countries Norway, Liechtenstein and Iceland), or you (happen to) promote or sell goods/services to people in the EEA.
Notice that I said «people», not citizens, inhabitants or with this or that nationality. As long...
