Are you ready for the most stringent data protection law in history?

As long as customers and partners are from the European Union, you can’t stay out

The European Union has established a European privacy law-the General Data Protection Regulation (GDPR) came into force on May 25, 2018, establishing a new set of global standards for the privacy and security of personal data, and Applicable to every organization in the world.

What is GDPR

The personal information protection framework developed by the European Parliament, the European Council and the European Commission. "EU General Data Protection Regulation". The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC, which aims to coordinate data privacy laws across Europe, protect and authorize the data privacy of all EU citizens, and reshape the privacy of the organization's data processing methods throughout the region .

GDPR is the biggest change in data protection law in 30 years. It updates the current laws promulgated before the advent of Facebook, LinkedIn and the cloud, and unifies the data protection laws of all 28 EU member states.

The regulations enjoy extraterritoriality, which means that the GDPR will affect all companies that access or process the personal data of EU residents, regardless of where the company is located and how the data is collected.

Who is affected by GDPR

You can use the "EU Personal Assets Law" to understand the GDPR from this perspective. From snack bars to multinational companies, as long as your company has access to EU citizens and owns their personal assets, GDPR regulations apply:

There are EU customers

Such as restaurants, hotels, travel agencies, taxis, e-commerce shopping platforms, etc., with customer credit card information and membership information

Applicable GDPR

Companies with EU employees or EU suppliers are subject to GDPR

Employees, suppliers, third parties, partners, you may have their insurance information, salary records, contact information, etc.

Applicable GDPR

Non-profit organizations and government agencies, also applicable to GDPR

Volunteers, members, sponsors, donors, consultants of the organization... are EU citizens. If you have their contact information, tax information, etc., they are subject to the GDPR

Applicable GDPR

If you do this, you violate the GDPR

  • Inadequate protection of personal information of EU citizens, such as data leakage or ransomware attacks
  • Use the personal assets of EU citizens, deviate from the agreed purpose, or lack legitimacy
  • Failing to give the individual parties their due rights
  • Failure to adopt sufficient security technology to protect personal data, or fail to save historical records of the use of personal data
Agency Access

Strong punishment

The fine is the total annual global turnover of 4%, up to 20 million euros

This is the image caption

Companies or organizations in China and Taiwan affected by GDPR

In China and Taiwan, organizations in the following three situations will be affected by GDPR:

  • The company has subsidiaries, branches, sales offices and representative offices in the EU
  • The company provides goods and services from China and Taiwan to the EU
  • Entrusted to process personal data from the European Union (data center business entities, cloud providers, etc.)

For example, if you set up a branch or sales office in the European Union and hire local employees as employees, you need to take measures to protect employees' personal data in accordance with the GDPR. Many companies have developed personal information protection management measures in accordance with the EU Data Protection Directive enacted in 1995. Therefore, prior to the implementation of GDPR in 2018, stricter correspondence education is necessary.

In addition, even if you do not have an overseas base, EU residents will enter the name, phone number, credit card number, etc. when purchasing products from the Chinese and Taiwanese websites, which must also meet the GDPR.

As long as you contact EU citizens and own their personal assets, GDPR regulations apply

[cp_modal id=”cp_id_8db93″]Download the GDPR brochure[/cp_modal]

Is your website GDPR up?



How should companies respond under GDPR?

The GDPR has caused a lot of discussion because of the data that will be used in the digital advertising ecosystem, such as cookies, IP, device identification codes (including Google Advertising ID (AAID) for Android, advertising ID for iOS devices (IDFA), Device Fingerprint is counted), geographic location (GPS coordinates, or geographic area known by IP reverse inference), etc. are all classified as personal privacy data of EU citizens. Therefore, in order to meet GDPR regulations, the website owner must inform and seek the consent of the website visitors.

1. Content preparation: the company's GDPR description text is clear and clear

  • The internal "service agreement" and "privacy clause" of the enterprise need to be adjusted accordingly to the GDPR, and a rule description document suitable for the enterprise's own situation should be formulated.
  • Clearly indicate the data that the company will collect, use, and the user's license or rights to revoke the license.
  • Guarantee the multi-language version, do not use different languages, etc., to obtain the user's permission by vague regulations.

2. New users: clearly inform the rights and interests of the form entry

  • Set up an obvious notification window for all data collection entrances such as subscription and registration.
  • The location is eye-catching and the content is clear and clear.
  • There can be no automatic check of mandatory consent, and it can be used only after obtaining the user's subjective permission.

3. Existing members: users complete authorization independently.

  • Send permission application emails to all existing member users. Unauthorized users will continue to send it after three days and get authorization as soon as possible. (Email template can directly use background template)
  • The user clicks the "DO IT NOW" button in the email to jump to the "GDPR" authorization link.
  • There can be no automatic check of mandatory consent, and it can be used only after obtaining the user's subjective permission.

4. Existing members: Allow to revoke or modify authorization at any time

  • For users who have not clearly responded to whether they are authorized or not, as well as users who have been permitted, in each subsequent email push, it is necessary to set an obvious revocation permission flag.
  • Allow users to cancel authorization at any time.
  • Allow users to modify the content of personal messages at any time.
The most complete solution for GDPR

GDPR came into effect on May 25, 2018

GDPR is known as the most stringent personal privacy information protection law in history, which means that the EU will fully open the era of personal privacy protection in legal form.

Are you ready for the EU GDPR on the road?

[cp_modal id=”cp_id_adbb7″]I want GDPR[/cp_modal]