What is GDPR?

Coming into force on 25th May 2018, the General Data Protection Regulation (GDPR) is the most important change in EU data privacy regulation in the past decades.

The regulation fundamentally reshapes the way in which data is handled across every sector, from healthcare to banking, public sector and private companies.

GDPR applies to all companies that store or process personal information about EU citizens even if they don’t have a business presence within the EU.

Any organization that sells goods, offers services or monitors the online behavior of EU residents must comply with GDPR requirements. Fines for non-compliance are as high as €20 million or 4% of a company’s total global revenue, whichever is larger.

The Challenge

The General Data Protection Regulation (GDPR) is not only a legal challenge. Above all, GDPR compliance is a cultural and technical challenge.

  • How do you ensure that the handling of personal data across all applications and departments is GDPR compliant?
  • Are you able to verify consent before any new data processing or marketing campaign?
  • Are you prepared to answer potentially 512 million EU citizens – all within one month of the request?

The obligations require maximum data transparency and data integration as well as a technically highly efficient execution process.

The Solution

We will scan your website extensively for the following:

  • Site plugins (apps)
  • Site scripts
  • Data collection tools

Then we create a Data Access Form, where users will be able to request:

We will configure the Cookies Consent functionality:

  • Fully customizable Cookies bar
  • Option to choose whether cookies are allowed, disallowed or personalized

With your guidelines, we will redact:

  • Terms & Conditions pages
  • Cookie Policy

GDPR data leak: if your company had a security incident and personal data has been exposed, you might need to inform both the users and authorities:

  • We will implement a configured document to alert those involved.

Get a quote

Have your website’s GDPR compliance taken care of in less than 7 days.

Please note, we only work with WordPress sites. By submitting this form, you accept our privacy policy. We do not provide legal counsel; you should always consult with an attorney.

Download the GDPR guidelines

EC’s guideline with several steps to help your business comply with the GDPR implementation.

With Metric International’s solutions, we are able to offload time-intensive tasks without compromising the security of our sensitive information. That has been invaluable to us as an IT team in a rapidly expanding environment.

FAQ

Most frequent questions and answers

The GDPR became enforceable starting 25 May, 2018.

Yes. The GDPR applies to firms that offer goods or services to EU residents irrespective of whether payment is exchanged.

Yes. If you offer your goods or services to any EU residents, then you must comply with GDPR. Learn more here.

That depends on whether the output of said manual data processing forms, or is intended to form, part of a filing system, defined by Article 4(6) as “any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis”. In plain words, if the manual data processing contributes toward a database, then yes, you must comply. If said processing is one-off and does not enter a structured and accessible database, then the GDPR may not apply.

Yes. First, the GDPR will go into effect before the 2-year leave deadline of Brexit (April 2019). Barring new legislation, UK firms must comply with the GDPR until then. Karen Bradley, the Secretary of State for Culture, Media, and Sport, affirmed in October 2016, after the referendum, that “We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.” Second, even after Brexit concludes, UK firms that offer goods or services to EU residents still need to comply.

You may be fined for up to €20mm or 4% of your worldwide turnover (revenue), whichever is greater. You may also be subject to lawsuits by affected data subjects. Learn more here.

The GDPR categorizes a broad swath of data, such as name, email, location, IP address, and online behavior as personal data. Learn more here.

In general, consent needs to be explicit, opt-in, and freely given. This means popular opt-out based consent of today will no longer be acceptable. Learn more here.

You must appoint a DPO if you represent public authorities or organizations that carry out large-scale monitoring or processing of sensitive personal data. Learn more here.

More about GDPR

Data Location Requirements for GDPR

Metric International often receives questions about the locality of the data we process for our customers: where data is stored depending on where it originates. Businesses all over the world use and trust us, and their customers interact with them everywhere in the world. In the new world of GDPR, the question of “where are you keeping my data” is coming up even more. And that question (particularly if you’re an e-commerce shop) may also be getting you down. Maybe we’ve built your website or e-commerce platform and use non-European Union based service providers. Maybe your own operations are not


GDPR: Right to Erasure (“Right to be forgotten”)

The GDPR introduces a right for individuals to have personal data erased. The right to erasure is also known as ‘the right to be forgotten’. What is the right to erasure? The right to be forgotten appears in Recitals 65 and 66 and in Article 17 of the GDPR. It states, “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay” if one of a number of conditions applies. “Undue delay” is considered to


GDPR Compliance and digital security one year on

2018 brought about a major shift and more clarity in the world of individual data privacy. Last month marked the one-year anniversary since the European General Data Protection Regulation (GDPR) was introduced. The regulation was an attempt to unify the existing data protection legislation put in place by individual EU member states. GDPR is designed to guide businesses in protecting the personal data of EU citizens and covers any data that could be used to identify an individual. This includes medical records, genetic or economic information – these elements are the target of a data breach. The GDPR required all


How complying with GDPR is like getting in shape

It has been over a year and a couple of months since the General Data Protection Regulation (GDPR) went into force. There was a lot of attention focused on the May 25th 2018 “deadline,” as if it was a finish line, when in fact it is just the start of what should be an effort that has no finish line. GDPR compliance in general is like physical fitness. It is an ongoing process, a “lifestyle,” not an event. Think about that analogy for a minute. Every day there are millions of people around the world who make a decision to lose


GDPR: Data Protection Officer

Section 4 of the GDPR outlines the requirement for applicable firms to appoint a data protection officer (DPO). All emphasis added unless otherwise stated. When a DPO must be appointed According to Article 37(1), data controllers and processors shall designate a DPO where: (a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; (b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale;

