GDPR for Dummies: A Guide to GDPR in a Nutshell


You may have seen GDPR popping up all over the internet and wondered what it is. GDPR stands for General Data Protection Regulation, an EU regulation that took effect on May 25, 2018. GDPR was introduced to protect the personal data of individuals in the EU, including from data breaches, and it imposes heavy fines on organizations that fail to comply with its requirements. In this blog post Fomoco News will explain the basics of GDPR so you can be more informed about this legislation!

GDPR affects any organization that stores or processes personal data, which includes names, contact details, location data, online identifiers and more. GDPR also applies to companies outside the EU if they offer goods or services to people in the EU, hold their personal data, or monitor their behavior online.

GDPR for Dummies: The Beginner's Guide to GDPR

What is GDPR?

GDPR is the General Data Protection Regulation. GDPR came into effect on May 25, 2018 and applies to all organizations processing the personal data of individuals in the EU (even if your company doesn't operate in Europe). GDPR replaced the 1995 Data Protection Directive 95/46/EC.

What are you required to do under GDPR?

The level of protection you must apply depends on the risk to the individual if a particular piece of personal information is lost, stolen or misused. For example, credit card numbers, health records or government ID numbers need stricter security than someone's name or email address, because losing control of somebody else's credit card number could leave them financially harmed with no easy way to recover their losses.

A safer approach is to assume that GDPR applies to you and to treat every piece of personal data as if it were sensitive, since the penalties for mishandling the personal data of people in the EU can be severe.

What are the GDPR requirements?

GDPR requires organizations both large and small (even sole proprietors) to take responsibility for handling their customers' or clients' personal information safely. It has been described by many sources as "do what you would do if each person was your mother." If this seems like an extreme position, think about how much effort you put into locking doors and cabinets when your children started crawling around the house. Then consider that failing to protect people's private financial information can result in them losing money, or worse. GDPR states that if an organization does not take appropriate measures to protect personal data and that data is breached (whether through hacking, loss or accidental disclosure), it can be fined up to four percent of its annual global turnover or 20 million euros, whichever is higher. For a large company that can run into the billions.

What does GDPR say about consent and breaches?

There are several key points to keep in mind when thinking of GDPR for Dummies. One important point is that you need a lawful basis before collecting or using personal information. Consent is one of those lawful bases, and when you rely on it, the consent must be freely given, specific, informed and unambiguous; a pre-ticked box does not count.

A user can withdraw their consent at any time, so it's probably best not to rely entirely on consent as your only lawful basis. It is also important to note that under GDPR, organizations must notify their supervisory authority within 72 hours of becoming aware of a personal data breach, and must inform the affected individuals without undue delay when the breach is likely to put them at high risk. That 72-hour clock is another reason why monitoring and logging systems help protect your business with regard to GDPR: you cannot report a breach you did not detect.

What happens if you violate GDPR?

What happens when you fail to obtain consent properly or otherwise find yourself in violation of GDPR? The regulation was adopted in April 2016, with a grace period until May 25, 2018 for organizations to become compliant; since then it has been fully enforceable. Fines are steep, reaching up to 20 million euros or four percent of the previous year's worldwide annual turnover, whichever is higher. So it is important that companies prepare themselves properly before they run into trouble with GDPR enforcement.

How do I stay GDPR compliant?  

There are several things you can do right now to be better prepared if your organization falls under GDPR, including mapping out all of the data processing activities within your company and deleting personal information when users request erasure of their account. You should also make sure that everyone on staff knows exactly what consent means when speaking about user privacy under GDPR, and how quickly the organization must act on a deletion request (without undue delay, and normally within one month).

GDPR in a Nutshell

GDPR is the most significant change to European data protection law in over 20 years. The regulation replaced the Data Protection Directive 95/46/EC effective May 25, 2018 and applies to all organizations that process the personal data of individuals in the European Union, regardless of whether your business is based inside or outside Europe.

The two-year gap between the regulation's adoption in 2016 and its enforcement date in 2018 may have seemed generous, but compliance is an ongoing obligation, and you can still run into issues even after preparing well in advance.

