Blog About Contact Tools 📩 Login

All you need to know about the Schrems II Judgment (Privacy Shield invalidation)

gdpr Aug 16, 2020

Disclaimer: all the information in this article and otherwise on this website is for informational purposes only. No information is of a legal nature. Please read our full disclaimer.

On 16 July 2020, the Court of Justice for the European Union issued a ruling (“Schrems II judgment”) regarding the international transfers of personal data from the EU.

The ruling invalidated the Privacy Shield framework and set out stricter criteria for using other safeguards such as Standard Contractual Clauses (SCC) or Binding Corporate Rules (BCR).

This article is for you if you’re a:

  • US provider processing the personal data of anyone in the EU/EEA, or
  • Controller in the EU/EEA using such providers in any third country as data processors

Here’s a short summary:

  • The “Schrems” cases stems from the Austrian lawyer Max Schrems and his initial Facebook complaint to the Irish Data Protection Commissioner in 2013
  • Since then he founded the organization noyb, working to...
Continue Reading...

GDPR compliance checklist for SaaS, tech and online business

gdpr Jul 30, 2020

And does the GDPR even apply to you?

You're probably wondering how many hours it will take to comply with the GDPR, the new European data protection and privacy law, applicable to almost every online business (across the world).

In short, if you promote or sell services to people in the EU, you need to comply with the GDPR. Simply promoting your stuff online to EU people (through email list building for example), is enough.

If you're a US company with a target market in California, and you happen to sell something to a dude in Germany once every blue moon, then you probably don't have worry about the GDPR. You got your own laws to worry about, though (CCPA), and GDPR-like laws are sprouting all over the world, so perhaps you might as well do *something* about how you handle personal data.

If you're still unsure, take the ICO's (the UK data protection authority) assessment here: Does data protection law apply to my business?

After spending well over a thousand hours studying and...

Continue Reading...

Credible GDPR sources (and those you should never trust)

gdpr Jan 05, 2020

This article is written specifically for small businesses and therefore doesn’t include all aspects of the legislation that may apply to larger businesses and public entities. No information on this website constitute legal advice.

Don't trust everything you read about the GDPR

The GDPR is already a complicated area for many, and most people feel overwhelmed. They’re not sure what to do, in which order, and when it’s good enough – for their kind of business. They’re often also worried about the price of getting help.

If this is the case, go straight to the ultimate GDPR compliance checklist for small and online businesses

Also visit the website of your national data protection authority (DPA). All you need to know about the GDPR, can usually be found there. Free of charge.

Just make sure you know when to get help with the GDPR, what to get help on, and that you do your due diligence on any GDPR "helpers" first.

Here is a list of the members of the...

Continue Reading...

What is «personal data» (in the GDPR)?

gdpr Jun 22, 2019

This article is written specifically for small businesses and therefore doesn’t include all aspects of the legislation that may apply to larger businesses and public entities. No information on this website constitute legal advice.

The GDPR applies to the processing of personal data when running a (non or for profit) business, membership, club, association or any type of organization (online or not).

Because of the definitions in the legal text, GDPR applies to nearly all kinds of businesses and organisations, irrespective of size, type, industry or revenue.

Read all about GDPR compliance for SaaS companies, tech startups, freelancers and all types of online businesses

Many business owners who believe that GDPR don’t apply to them, are not clear on what personal data is. And, in short, it’s almost anything.

Personal data in the GDPR is more than you think

Personal data as per the GDPR is any kind of information or assessment of an individual, that can be either ...

Continue Reading...

What is GDPR? The European data protection law for online businesses

gdpr May 25, 2019

This article is written specifically for small businesses and therefore doesn’t include all aspects of the legislation that may apply to larger businesses and public entities. No information on this website constitute legal advice.

What is GDPR - in a nutshell?

GDPR is short for the General Data Protection Regulation and it’s a European law about data protection, privacy and basic human rights.

A lot has been written about the GDPR and how to achieve GDPR compliance. My first and most important advice is: Only rely on credible sources. Meaning no random advice from Facebook groups or blog posts from companies that aren't GDPR experts.

The law applies if you operate inside of the EEA (the 28 27 EU member countries + the three EEA countries Norway, Liechtenstein and Iceland), or you (happen to) promote or sell goods/services to people in the EEA.

Notice that I said «people», not citizens, inhabitants or with this or that nationality. As long as the people you...

Continue Reading...
Close

50% there!

Grab the GDPR Website Checklist (to be released soon)

GDPR explained so you actually understand it - tailored for professional online business owners! Submit the form to get notified as soon as we release our professional website checklist (including the GDPR stuff!).

🙌

You won't be added to our general marketing list and your personal data is processed only for sending you the checklist when it's ready, as well as one follow-up email to ask if you found it useful. Opt out at any time. Privacy notice