It’s been almost a year since we were flooded by the emails stating changes in the privacy policy which certainly were due to the enforcement of General Data Protection regulation abbreviated as GDPR. Set by European Union, GDPR is said to be the world’s strongest data regulation till date. In simple words GDPR is regulated to provide security to the data of EU citizens. It also aims in providing individuals with transparency of their own data.

GDPR compliance is applicable on all the firms set in EU as well as any other firm present anywhere on the globe which is dealing with the data of EU citizens while providing them their goods and services.

Coming to why this GDPR thing came into force? Well apart from the fact that an individual should be given full right to ensure the security and privacy of their data, an increasing rate of data breach associated with several global firms instigated EU to update their data protection act and come up with something stronger than the earlier one. Digitalisation or surge in internet usage allowed international transactions of goods and services which is expected to increase in the coming future. A study even showed that 46% of business set in UK have faced cyber attack in 2016 which created an alarming issue to deal with.

Let’s dig a little more on the foundation of GDPR, however there is an official GDPR document containing several chapters and clauses, yet there are 7 principles which have been used as a base to formulate the GDPR. These principles set a standard for the data security of individuals.


  • Collection and processing of data should be executed keeping in mind the three most important factors which are lawfulness, fairness and transparency
  • Clarification and limitation of the purpose i.e., the data should be collected for a particular purpose already known to the data subject or individual and should not be processed any further
  • Limited and adequate amount of data should be collected
  • Data should be stored accurately and must be kept up to date
  • The processing/storage of the personal data should be performed for a limited period of time, mostly until the legitimate purpose has been met
  • The integrity and confidentiality of the personal data should be maintained throughout the processing
  • It is also required that the controller of the personal data should be accountable to manage and maintain the data from collection till its deletion 


After understanding the principles comes the main step i.e., becoming GDPR compliant. Weather your firm falls in the category to be GDPR compliant or not, having a crisp knowledge on GDPR compliance will help you penetrate your business in the EU market.


  • Start with updating your privacy policy according to the norms of GDPR
  • Allow the clients to view, delete or move their data according to their requirement
  • Design your system in a way that it provides the highest level of security from start to end of data processing 


Companies should also make sure to inform their clients within 72 hours of the data breach activity. Depending upon the company’s structure a Data Protection Officer should also be appointed to maintain data security of the individuals. GDPR also states a whopping fine of € 20 million or 4% of the company’s annual revenue, whichever is higher, in case of any violation.