Debitoor Dictionary

Accounting terms explained simply


GDPR - What is the GDPR?

The Generalised Data Processing Regulation (GDPR) is a series of laws, set in place on May 25th, 2018, addressing how businesses gather and handle the private data of individuals.

Learn more about GDPR compliance and what Debitoor has done to ensure the highest levels of security for users.

The GDPR is a new set of laws that affects businesses based in the EU and also any foreign business operating in the EU. All businesses must comply by the deadline or will encounter hefty fines.

The need to respect the privacy rights of the individual is behind the new regulation, ensuring that all information is gathered with consent, which can be withdrawn by the individual at any time.

Why is the GDPR being implemented?

The GDPR has been introduced as a means for unifying how businesses collect the data of a visitor to any of their websites or as a user if an online service is offered.

The changes in the methods and reasoning behind collecting data on individuals online have resulted in the need for an updated approach to data handling in terms of businesses.

While current regulations do exist across the EU, the coverage, enforcement, and penalties involved differ greatly. The GDPR will standardise every element of the regulation and shape how private data is collected and processed by any company operating in the EU.

The GDPR aims to increase transparency about how websites and businesses handle the private data that can be gathered from a variety of activities online. It also requires that any breaches that expose any private data gathered must be reported to the proper authorities within 72 hours of the risk being discovered in order to minimise exposure and potential harm.

What does the GDPR mean for me?

The new regulations put the rights of the individual first and result in businesses being upfront about why and how private data is used.

As an individual online, under the GDPR, it will be necessary to accept modified Terms & Conditions for many of the online services you’re already using. Most companies will also need to publicly publish a privacy policy, as well as a document detailing how data is processed (Data Processing Agreement).

The GDPR gives additional rights to individuals regarding their data, namely that it will be possible to:

  • Consent/remove consent to receiving marketing emails
  • Request and export all of your data from any business
  • Invoke the ‘right to be forgotten’
  • Enquire for more information about how a business complies

If you are operating a small business or website, then it is highly possible that the GDPR applies to you. If your website uses cookies, requires a log in, or if you send a newsletter to readers, it could be necessary to make some important changes. To find out more about how the GDPR applies:

What has Debitoor done to comply?

Debitoor treats the security of user and visitor data as its utmost priority and has taken a series of steps to ensure that all data collection and processing complies with the GDPR.

Steps toward compliance were broken down into a three-phase process to meet each essential point after an additional thorough review of existing practices. We then analysed which changes needed to be made, and undertook the necessary tasks to ensure total compliance.