GDPR

The GDPR is a new data and privacy security legislation which was developed by the European Parliament and Council for the protection of data rights of the EU citizens. Companies (including websites, mobile, and desktop apps etc.) that do business transactions with EU citizens are going to be affected by this regulation.

On May 25, 2018, the GDPR replaced the existing data protection law i.e. the Data Protection Directive that has been in effect since 1998. If your company collects or processes the data of EU citizens, you are required to comply with this regulation. Non-compliance can result in hefty fines of up to €20 million or four percent of annual revenues, whichever is higher.

One of the key aims and requirements of the GDPR is to keep EU citizens informed of how businesses collect, use, share, secure and process their personal data.

Under the GDPR, you are required to inform your customers about why you are processing their data and for how long will you store it. You must tell them in plain and clear words how you use their data.