The Business Process & IT Best Practices Specialist!
Contact Us
+91 9810609560

General Data Protection Regulation


May 25 2018, the day when GDPR compliance became a mandatory legal requirement for all businesses that either interact with EU residents or are based within the UK is over . It replaces the prior Data Protection Directive (95/46/EC) of 1995 and, as a regulation instead of a directive, now is applicable immediately on enforcement date without requiring individual transpositions by member state legislation.The EU regulation has consolidated the many different data protection regulations which are spread across all EU member countries.
Businesses will no longer be able to use personal data for their own competitive advantage; and must follow a clear set of rules to ensure data is processed in a fair and consistent manner.

Does my business needs to comply if I am not in EU?
It is important to understand that you need to comply with GDPR, even if you don’t have a legal entity in the EU.Any business big or small is now obligated under the law to comply to it or face the risk of stiff penalties
So if you offer your goods or services to any EU residents, then you must comply with GDPR. As long as you collect, process, exchange, or store personal identifiable information (PII) of EU and EEA citizens (referred to as Principals), you will need to ensure you comply with these regulations.

Two primary groups of entities must therefore comply with the GDPR.

  • Firms located in the EU
  • Firms not located in the EU, if they offer free or paid goods or services to EU residents or monitor the behavior of EU residentswhich means nearly any business anywhere in the Globe dealing with EU .
What type of data is considered to be personal data?
The GDPR categorizes a broad swath of data, such as name, email, location, IP address, and online behavior as personal data.

We do not charge for services we offer. Do we need to comply?
Yes. The GDPR applies to firms that offer goods or services to EU residents irrespective of if payment is exchanged.

What happens if I do not comply?
Non-compliance and data privacy breaches may result in fines – up to 20 million Euro or 4 % of your global annual revenue – whatever is higher.

There will be two levels of fines based on the GDPR.

  • The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher.
  • The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher.

Fines shall be issued for infringements for several reasons some of them are ignoring :

  • The basic principles for processing, including conditions for consent, under Articles 5, 6, 7, and 9
  • The data subjects’ rights under Articles 12-22
  • The transfer of personal data to a recipient in a third country or an international organisation under Articles 44-49
  • Any obligations pursuant to Member State law adopted under Chapter IX
  • Any non-compliance with an order by a supervisory authority (83.6)
The potential fines are substantial and a good reason for companies to ensure compliance with the Regulation.

Does compliance with ISO 27001 guarantee GDPR compliance?
There exists as confusion among many people and organizations that if they have certain certifications like ISO 27001 that will means compliance to GDPR. The often repeated question that “Am I fully compliant with GDPR if I am already certified to ISO 27001?” This is a myth. GDPR is not an IT problem, it’s certainly not just a data security problem, it is a business problem, and one that will affect every individual in your organisation to a greater or lesser degree.
In crux GDPR law consists of 99 Articles. As we’ve seen, just one of those covers technical and organisational data security measures. In other words, there’s much more to full GDPR compliance than ensuring your information security management system is up to level.

Can we get our organization certified to GDPR?
As on date there is no certification approved for GDPR compliance. As on date there are no certifications yet available for GDPR, let alone accredited certification bodies who can provide it.

To date there is no GDPR certifications available from anyone for anything. The ICO, in the UK, have released nothing on certification / accreditation, not even guidance. Nor have the Article 29 Working Party (Art. 29 WP) to whom the ICO refer.

GDPR is compulsory compliance to EU law and as of today there is no certification which can prove to any supervisory authority that companies processing personal information of EU citizens are GDPR compliant.

Book a Training Program

Email Id*:

They Speak For Us

Next Steps

How can you get assistance to comply to the GDPR?

If you wish to know more about GDPR issues and how we can assist you to comply please visit us at and do call me at +91 9810609560 or email me at