What is the GDPR?

Personal data protection and how companies use customer data is a major concern for many marketing and sales professionals in Europe.

GDPR is short for the European Union’s General Data Protection Regulation. It came into effect on May 25, 2018, and governs consumer data collection, storage and usage practices within the EU. Corporate polls show that many Compliance Officers and other top executives are still not fully familiar with its requirements. Even now, many sales and marketing departments are still playing catch-up on this issue.

What You Should Know

Does my company need to comply?

If you’re reading this, very likely, yes. Article 3 of the GDPR lists two primary groups of entities that have to comply:

  1.  Firms located in the EU
  2.  Firms not located in the EU, if they offer free or paid goods or services to EU residents or monitor the behaviour of EU residents

That’s pretty comprehensive. If, for example, your company has a website that is visited by citizens or residents of the European Union, you will likely be required to comply on that basis alone if you collect personally identifiable information on visitors to your website.

Any organization that processes data of any individual in the context of selling goods or services within EU borders is required to comply with this new regulation or face steep fines. Your company might be based in Chile or China or Canada, but if you have even a single customer who is a resident of the European Union, you will have to comply with this comprehensive new set of regulations.

What is personally identifiable information?

A Name

A Photo

An Email Address

Bank Details

Posts on social networks and websites

Medical information

A computer IP address

A social security number

For sales and marketing, customer data is our lifeblood as well as a source of revenue in many cases. What is going to happen with this data?


Where is personal data stored? Who has access? Why do you have it? How long have you had it? Who is responsible?


All EU residents can request access to personal data -- manage that data in a structured way so you’re ready. Correct or delete personal data when requested to, quickly and efficiently.


Use the right technologies so all personal data is stored and transferred securely and establish transparency into your security and data protection processes so you can effectively fulfill compliance requests and audits.


Make sure you’ve got a dedicated team to protect and manage personal data, but developing a security-aware culture within your entire company is key to compliance. Human error accounts for about 16% of data breaches.


Monitor technologies for glitches and risky practices. Keep a close eye on data access and permissions changes so you can spot suspicious behaviors on time. If you spot a breach, notify authorities within 72 hours.


Work with technologies and processes so you can generate reports regularly and use them to prove that your organization is compliant.

The downside:

  • You have less control over what data you collect and retain, and your databases will have to be downsized.
  • The new law has teeth. This increases the downside legal risk of even accidental data breaches that are not dealt with immediately and fully. And compliance in general will cost money and time.

The upside:

  • Transparency. Your customer communications will be improved, and customers will understand better what your aims are.
  • Increased trust. This improved transparency means improved customer confidence. The GDPR will automatically weed out bad-faith actors.
  • Harmonized legislation. Formerly, companies had to deal with a wide variety of legislation. This is no longer the case. The GDPR covers all member countries of the E. U.
  • Better-focused customer databases. The ease of opting out and the requirement to gain informed, freely given consent for the collection of data means that customers who allow you to collect data are actually interested in your product, your company and your sector.

Some of the documents that you’ll need to translate:

Privacy Notices

Data Protection/Privacy Policies

Breach Response Policies

Employee Privacy Notices

Template Data Processing Agreements

Statutory Data Transfer Agreements


Our language expertise and technologies will help you deliver more value to your global consumers.