We are Stibbe General Data Protection Regulation Specialists

Complying with the General Data Protection Regulation (GDPR) – What and how?

General Data Protection Regulation (GDPR)

The GDPR will have a broad impact on your business, both online and offline. So be prepared, and let us help you avoid pitfalls so you can stay focused on the business.  



Why bother about the GDPR?


A new EU Regulation on the processing of personal data.

Since personal data is any information relating to an identified or identifiable natural person, this Regulation will cover any data processing done by a company.

Directly applicable

Unlike Directives, EU Regulations are directly applicable in all EU member states, without the need for national laws to transpose them. Hence, a Regulation is automatically part of the law you need to adhere to.

Applicable from 25 May 2018

Don't fall into the trap of thinking there is plenty of time. The challenges of implementing this Regulation are numerous. In light of the far-reaching consequences, it is essential that you get organized, plan ahead, commit budgets and resources and, above all, ensure timely implementation.

Even if you are located outside the EU

The GDPR will apply to both EU companies and to non-EU companies that (i) process personal data in relation to the offering of goods or services to EU data subjects or (ii) monitor the behaviour of data subjects occurring within the EU.

Even if you “only” process data on behalf of someone else

The GDPR expressly addresses the role and responsibility of data processors, i.e. those entities that process personal data on behalf of another entity that controls the data and the purpose for which they are being processed (i.e. data controllers). For example, a hosting provider is a data processor for the company owning the website and a payroll service provider is a data processor for the employer outsourcing payroll services.

Compliance as a competitive edge

The impressive sanctions and fines for non-compliance with GDPR is one reason to take action. On a more positive note, adapting early to the GDPR requirements is a genuine opportunity to improve your processes and gain a competitive edge by turning compliance into a unique selling point.

Visit our other GDPR pages:


Subscribe to newsletter

Other specialists

Related news

24.02.2017 NL law
Proposal for a Dutch GDPR Implementation Act

Short Reads - The proposal for a Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, "Implementation Act") that seeks to implement the General Data Protection Regulation ("GDPR") was published online on 9 December 2016 for the purpose of public consultation. The GDPR has been adopted on 27 April 2016, and various posts on guidance regarding the contents of the GDPR can be found here.

Read more

24.02.2017 EU law
Article 29 Working Party guidelines on data portability, data protection officers, and lead supervisory authorities

Articles - The General Data Protection Regulation (“GDPR”) will come into effect on 25 May 2018. It will have  significant impact on how companies handle their personal data processing operations, so it is of utmost importance that companies already start implementing compliance processes internally. To this end, the Article 29 Data Protection Working Party (“WP 29”) has published three sets of guidelines that aim to clarify several key legal changes, giving its recommendations on how companies can ensure proper compliance with these new rules.

Read more

24.02.2017 NL law
District Court The Hague: WhatsApp is more than data transition medium and must appoint Dutch representative

Short Reads - On 22 July 2015, the Dutch Data Protection Authority ("DPA") imposed an order on WhatsApp Inc., backed by a penalty for non-compliance. The DPA concluded that WhatsApp must appoint a representative in the Netherlands within three months, subject to a penalty of €10,000 per day with a maximum of €1,000,000.

Read more

24.02.2017 EU law
Quod personalis notitia Iovi, non personalis notitia bovi

Articles - In its decision of 19 October 2016, the Court of Justice of the European Union ("CJEU") clarified the concept of personal data. The Court held that an IP address can be qualified as personal data, even if the processor could only identify the actual user through information on the IP address held by an Internet Service Provider ("ISP").

Read more

24.02.2017 BE law
Belgian Act on “Alert-SMS”: warning messages about imminent danger or major disaster

Short Reads - On 19 December 2016, the Belgian Act on “BE-Alert” or “Alert-SMS” was published in the Belgian Official Gazette (Act of 7 December 2016 inserting an Article 106/1 in the Act of 13 June 2005 on electronic communications). This Act describes the legal framework of the system for mass SMS-notifications to the general population, known as “Alert-SMS”, in the event of imminent danger or major disaster, for example, in the event of terrorist attacks.

Read more

Our website uses cookies: third party analytics cookies to best adapt our website to your needs & cookies to enable social media functionalities. For more information on the use of cookies, please check our Privacy and Cookie Policy. Please note that you can change your cookie opt-ins at any time via your browser settings.

Privacy and Cookie Policy