GDPR, implemented by the European Union, is a legal framework aimed at safeguarding the personal data and privacy of EU citizens. It establishes guidelines for organisations regarding data handling and imposes penalties on those that don't comply with its regulations.


What does GDPR stand for?


GDPR stands for General Data Protection Regulation.


What is GDPR compliance?

GDPR compliance is adherence to the regulations outlined in the General Data Protection Regulation (GDPR), ensuring that organisations collect, process, store, and share personal data in accordance with its requirements. Compliance involves obtaining explicit consent for data processing, maintaining transparency in data practices, ensuring data security, and facilitating individuals' rights over their data. Non-compliance with GDPR rules leads to substantial fines and penalties.


What does GDPR apply to?

The GDPR rules apply to all 27 member countries of the European Union (EU). They also apply to all countries in the European Economic Area (the EEA). Situations subject to GDPR compliance:

  1. A company handles personal data and operates within the EU, regardless of where the data processing occurs.
  2. A company operates outside the EU but deals with personal data related to providing goods or services to EU individuals or monitors EU individuals' behavior.
  3. Non-EU businesses handling data of EU citizens must designate a representative in the EU.

If a company is categorised as a small or medium-sized enterprise (SME) and handles personal data, GDPR compliance is necessary. However, if data processing isn't integral to the business and doesn't pose risks, certain GDPR obligations, such as appointing a Data Protection Officer ('DPO'), may not apply. It's important to note that 'core activities' entail data processing inseparable from the controller's or processor's functions.


Example of GDPR compliance

Web Push notifications are GDPR compliant by nature since they don’t require any personal data.

GDPR requires that organisations obtain explicit consent from individuals before sending any push notification. When users opt in to receive push notifications and provide their explicit consent, this ensures compliance with GDPR requirements.