What Is GDPR – Everything You Need To Know About It

general data protection regulation

What Is GDPR – Everything You Need To Know About It

General Data Protection Regulation

General Data Protection Regulation or the GDPR applies to everyone involved in processing the data of the citizens under the European Union on their sales or service platforms, regardless of where the company is located.

The regulation came in force on 25th May 2018, making it mandatory for the companies to follow certain rules. The purpose of these rules is to bar the big players from stealing the user data and to enforce more hygienic IT practices.


What Are GDPRs?

  • Privacy settings are to be set to high by default or the privacy is to be inbuilt in the design.
  • The user must actively give their consent rather than be assumed and that they can withdraw that consent at any time. Also to read and answer the terms and conditions should be easy for the users.
  • So if you have recorded a call for quality and maintenance purposes and if the user asks to delete that, the company will have to delete that call.
  • EU citizens have the right to access their personal information and to know who the company is, who shared it with and how they got it in the first place.


  • The user can ask the company to delete their personal information that affects their fundamental rights if they do not want that company to access it. Any older data must be deleted anyway if it is no longer being used. This is called the right to be forgotten.


  • The users can access, obtain and reuse their personal information for their own purposes by migrating it across different environments.


  • Any breach or failure has to be reported to the national regulator of GDPR within 72 hours. If the organization fails to do so, they have to explain the cause of such failure and the impact of the same on the subjects.


  • The user has a right to demand an explanation if an algorithm is left to make a decision for themselves.


  • The companies with more than 250 employees have to appoint qualified officers for continuous monitoring of sensitive personal information.

Let’s Talk About GDPR

With a basic understanding of the GDPR, we were not quite sure as to what we are supposed to do as an organization with only a dozen employees in each of our offices in Sweden and the USA. Moreover, the rules apply to every company around the world who has anything to do with the citizens under the European Union.

The regulatory body has treated every citizen equally and protected their rights equally. In order to maintain our trustworthiness among our customers and to escape the pangs of a hefty penalty, we incorporated a few changes in our infrastructure and operational paradigm.

The first thing that came to our mind was “Where should we start from?” So, we analyzed what data we had and how sensitive or personal it was. These rules are not only applicable to the protection in the future but also seal the data we currently have.

We verified the consents to hold that information, the validity of the organizations that were holding it and we also informed the concerned customers about our recent shift in a working mechanism. They were happy to fill a few more pop-us.


we started with a flow audit, a gap analysis, and other permission checks by appointing a compliance expert. They mapped out the steps we needed to take to make everything more secure and compliant. We had done much of our homework prior to the official enforcement (topic is hot for the past year), so it did really help us in quickening the procedure.

The legislation does not affect the companies who have nothing to do with the EU citizens, or, are invisible in the EU online. Unlike them, our company was not only based in the EU, but we had also rubbed our nose to create that precious online presence both here and in the US.

Our web pages in the English language and the US target audience were not impacted, but our web pages in the native language (Swedish) were all reconfigured. While many of our friends with their business set up in the US and online presence in the EU also had to abide by the new practices.

We added a few forms asking for the user’s express consent to share their information with us and also disclosed in the same form that where all this will be stored and used.

At the beginning what sounded like a heavy blow, turned out to be a blessing. Our relation improved with our customers and it felt as if that last ring on the nut was also tightened.

you know more visit here https://pushtii.com/blog/

No Comments

Post A Comment



4 × 2 =