Jude DeMeis

Senior Consultant, Technical Architect

Is your organization ready to comply with GDPR? Learn the basics about Europe’s new data privacy law.

The European Union is calling the new General Data Protection Regulation “the most important change in data privacy regulation in 20 years”.

Under GDPR, organizations will need to ensure that personal data is gathered legally. If you collect customer data from European citizens, you will be obliged to protect it from misuse and exploitation or face penalties. Your organization will also need to be prepared to disclose the potential consequences of any data breach, and you'll be required to describe the measures being taken. You will also need to designate a data protection officer and provide a way to contact them.

The goal of GDPR is to provide European customers with a level of comfort around their security.  This is achieved by you providing them with transparency and control.  A well-designed website that allows the customer to understand what you are doing with their data, make updates, or opt out entirely, will bring your web presence most of the way to GDPR compliance.

GDPR grants European Union citizens the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Social Media:

The good news is that, as far as consent and data use are concerned, social media consent will effectively be covered by the terms and conditions and privacy notices of each of the social media platforms.


When readying your organization for GDPR, it is important to consider how data can be leaked or taken from mobile devices. It is essential to understand how data on employee devices could be maliciously taken or accidentally leaked.


Since Google Analytics is anonymous, you may be in the clear. As long as you are unable to ascertain what data relates to a person, GDPR's 'right of rectification' and 'right of erasure' cannot apply. But be careful when collating your analytics with email addresses, IP addresses or phone numbers that are personal in nature, because then GDPR takes effect.


To comply with GDPR, you must know the location where any of your organization's cloud apps are processing or storing data. You can accomplish this by auditing all of the cloud apps in use in your organization and querying the vendors to understand where they are hosting your customer data.