Every organisation that is located in the EU or that is collecting, recording, organising, structuring, storing, adapting or altering, retrieving, concerned with consultation, using, transmitting, disseminating or otherwise making available, doing alignment or combination, restricting, erasing or destructioning personal data of people situated in the EU must comply with GDPR.
Who must comply with GDPR?
The regulation is binding for organisations with more than 250 employees. However, it is also binding, if smaller organisations (also one person units) if they are processing data in a systematic way… and systematic already starts with printed papers filed in a certain order or spreadsheets that are used regularly. Therefore, if we consider i.e. accounting or a customer database – every company – even with only a few or none employees – is concerned with GDPR.
Here we are listing some examples of activities that are concerned by GDPR.
If you do just one of these activities, you have to comply with GDPR:
- Sending an email-newsletter
- Using a customer database or any CRM system
- Accounting with invoice addresses of your suppliers and clients
- Analysing your website visitors with tools like Google Analytics
- Using cloud storage like Dropbox, Google Drive or OneDrive for personal data
- Employing people with wage accounting
- In some countries, like Austria, even image processing and video surveillance are concerned with GDPR.
You have to comply with GDPR if you are processing personal data of EU citizens like in any of these examples.