We are Stibbe General Data Protection Regulation Specialists

Complying with the General Data Protection Regulation (GDPR) – What and how?

General Data Protection Regulation (GDPR)

The GDPR will have a broad impact on your business, both online and offline. So be prepared, and let us help you avoid pitfalls so you can stay focused on the business.  



Why bother about the GDPR?


A new EU Regulation on the processing of personal data.

Since personal data is any information relating to an identified or identifiable natural person, this Regulation will cover any data processing done by a company.

Directly applicable

Unlike Directives, EU Regulations are directly applicable in all EU member states, without the need for national laws to transpose them. Hence, a Regulation is automatically part of the law you need to adhere to.

Applicable from 25 May 2018

Don't fall into the trap of thinking there is plenty of time. The challenges of implementing this Regulation are numerous. In light of the far-reaching consequences, it is essential that you get organized, plan ahead, commit budgets and resources and, above all, ensure timely implementation.

Even if you are located outside the EU

The GDPR will apply to both EU companies and to non-EU companies that (i) process personal data in relation to the offering of goods or services to EU data subjects or (ii) monitor the behaviour of data subjects occurring within the EU.

Even if you “only” process data on behalf of someone else

The GDPR expressly addresses the role and responsibility of data processors, i.e. those entities that process personal data on behalf of another entity that controls the data and the purpose for which they are being processed (i.e. data controllers). For example, a hosting provider is a data processor for the company owning the website and a payroll service provider is a data processor for the employer outsourcing payroll services.

Compliance as a competitive edge

The impressive sanctions and fines for non-compliance with GDPR is one reason to take action. On a more positive note, adapting early to the GDPR requirements is a genuine opportunity to improve your processes and gain a competitive edge by turning compliance into a unique selling point.

Visit our other GDPR pages:


Subscribe to newsletter

Other specialists

Related news

24.02.2017 NL law
District Court The Hague: WhatsApp is more than data transition medium and must appoint Dutch representative

Short Reads - On 22 July 2015, the Dutch Data Protection Authority ("DPA") imposed an order on WhatsApp Inc., backed by a penalty for non-compliance. The DPA concluded that WhatsApp must appoint a representative in the Netherlands within three months, subject to a penalty of €10,000 per day with a maximum of €1,000,000.

Read more

24.02.2017 BE law
Skype Luxembourg condemned in Belgium for refusing to set up wiretap

Articles - In a judgment of 27 October 2016, the Correctional Court of Mechelen condemned Skype Communications SARL, a Luxembourg-based entity, for refusing to set up a wiretap that was ordered by the investigating magistrate (“Onderzoeksrechter”/”juge d’instruction”) in Mechelen. The wiretap was ordered as part of an investigation into a Skype user.

Read more

Our website uses cookies: third party analytics cookies to best adapt our website to your needs & cookies to enable social media functionalities. For more information on the use of cookies, please check our Privacy and Cookie Policy. Please note that you can change your cookie opt-ins at any time via your browser settings.

Privacy and Cookie Policy