The General Data Protection Regulation (GDPR)15/02/2018

Some new aspects of the GDPR could certainly be problematic for companies.

COMPULSORY date of entry into force: 25th May 2018

The aim is to give back to citizens the control of their personal data while unifying privacy regulations in the European Union.

Significant changes in data collection and processing are to be organised in the vast majority of companies, including SMEs, VSEs and freelance workers.

The concept of personal data now covers a set of detailed information including regular personal data but also information such as pictures and social network data.

For example, it is compulsory to get an express consent for collecting and using data, for reselling, but also for marketing purposes within a company.

In case of breach, severe fines or penalties will be imposed as the maximum fine now amounts to 20 million euros or 4% of annual global turnover.

We can help you by keeping a register of all the processing operations, by adapting your contracts and terms and conditions or by training you in the maintenance of this register.

Why keeping such a register?

It is mandatory:

  • For companies with more than 250 employees
  • For small companies if:
  • Processing is non-occasional, i.e. it is usual. Is considered “usual” processing of data relating to customer management, supplier management or even human management (Human Resources)
  • Processing is likely to involve risks to the rights and freedoms of persons whose data are processed.   
  • Processing is about so-called sensitive data (such as medical data, data relating to sexual orientation, religious beliefs, philosophical and political convictions, etc.)
  • Processing is about legal data (e.g. criminal penalty)

Any company with personnel, customer data, etc. has to keep this register. Indeed, you manage sensitive data every day (invoicing address, storage of certificates of criminal records, receipt of medical certificate…)

By correctly keeping the register the company will be able to demonstrate during an inspection that its processing activities are in accordance with the principles laid down in the Regulation.

Be vigilant and anticipate.

Forewarned is forearmed…

Contact us:




Other posts written by this Ambassador