GDPR Compliance

14/10/2022

The evolution of technology and the way personal data is collected and processed affects everyone's life every day. It is therefore not surprising that all companies process personal data: every company collects at least the personal data of its own staff, maintains a customer database, or engages in direct marketing. Companies must comply with the obligations arising from the European regulation on the protection of personal data ("Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data", the "GDPR").

A company that is not compliant with the GDPR risks a fine of up to 4% of its annual turnover and up to a maximum of 20 million EUR. In addition, a fine also brings a company a great deal of media attention, which inevitably damages its reputation and image. The message for every company is therefore clear: be GDPR compliant.

A quick refresher: what is it?

Since May 25, 2018, the GDPR has been in effect. It applies to all companies that process personal data of individuals in the European Union, regardless of whether the company is established in the European Union. The GDPR includes obligations for companies regarding the collection, storage, and protection of personal data.

Personal data includes all information about a person from which that person's identity can be determined. This includes, among other things, a name, address, email address, IP address, preferences, CV, health data, etc.

The main obligations within the GDPR

The GDPR provides some important principles that a company must comply with when processing personal data. Adhering to the following basic principles is a fundamental cornerstone for good data protection practice:

  • Personal data must be processed in a lawful, fair, and transparent manner. In short, this means that individuals must be informed about the processing of their personal data and that the company must have a valid legal basis for that processing;
  • The company may only collect personal data for specific, explicitly defined, and legitimate purposes;
  • The company may only collect personal data that is necessary for the purposes for which it is processed, i.e. the minimum personal data needed for a specific purpose;
  • Personal data must be accurate. All inaccurate personal data must be deleted;
  • Personal data must not be kept longer than necessary for the purposes for which it is processed;
  • When processing personal data, appropriate technical and organizational measures must be taken to ensure adequate security of the personal data.

The company as the data controller is responsible for compliance with these principles. As mentioned, non-compliance with the principles can result in significant fines.

How can a company ensure GDPR compliance?

BOFIDI Legal assists its clients with all aspects of GDPR compliance, such as:

  • GDPR assessment of a company with concrete action points;
  • Assistance with records of processing activities and an overview of processors;
  • Privacy and cookie statement;
  • Processor agreements;
  • Privacy impact assessments;
  • Advice on international transfer of personal data;
  • Internal GDPR compliance documents and training for employees/collaborators.

Our PKF BOFIDI Legal experts are happy to help you

Do you have any questions about this or would you like GDPR compliance tailored to your company? Do not hesitate to contact us via info@pkfbofidilegal.com.
