How does the GDPR affect your company?
The General Data Protection Regulation (GDPR) applies to all organizations that process personal data on the territory of Estonia, regardless of their size or field of activity.
A wide range of data is treated as personal data, from the usual name and e-mail address to biometric data and monitoring of internet usage. One of the most important GDPR requirements is the transparency of personal data processing. Companies must be able to clearly document what data is collected, what it is used for, who has access to it and how its security is ensured. In addition, consumers must give clear and informed consent to the processing of their data. Children's personal data receive special attention: the law prescribes stricter rules for processing them.
There can be at least three types of corporate liability. One is bureaucratic, meaning fines if companies fail to comply with the Personal Data Protection Act. The second is judicial, when victims claim compensation through the courts. The third is economic, when the company's customers leave.
Does the GDPR apply to me?
If you process the personal data of EU residents, i.e. offer goods or services, the GDPR applies to you. It does not matter if the person lives outside the EU. The GDPR is designed to protect the personal data of all EU citizens, so even then the GDPR applies to you.
To whom does the GDPR not apply?
The GDPR does not apply if the data subject is dead, if the data subject is a legal entity, or if the processing is carried out by a person acting for purposes related to his trade, business or professional activities.
The consequences of not complying with GDPR requirements are serious. Companies that do not comply can be fined up to 4% of their total annual turnover or up to 20 million euros. In addition, non-compliance can lead to reputational damage, loss of customer confidence and legal proceedings.