Your Guide to GDPR: A Detailed FAQ


So good you have heard the report that the GDPR i.e. General Data Protection Regulation will be going into full effect and implementation starting on May 25th, 2018. What really does this GDPR stand for, for you, for your business, and even for your customers? For those who are yet to understand what it really means, read on, because this blog content is written specifically for you from INFODATASPHERE.

1. What is GDPR?

Without mincing words, GDPR has one mission and that is to offer EU residents more control and power over their personal data. Presently, the 1998 Data Protection Act – oversees personal data in the United Kingdom. Nonetheless, the EU acknowledged the necessity for much stronger levies for non-compliance & more autonomy over businesses & how they utilize personal data.

2. Why is this GDPR mandate happening now?

Generally, every modern business collates & evaluates personal data. This is evident when you consider just the volume of web forms you must have filled out in the past which includes details related to your email address, first name, last name, employer info, home address, and credit card info among many others.

With so many data being generated on a daily basis, we can agree that data collation rapidly grows every second of the day. In fact, about 91 percent of the data that exists in the world currently – were generated in just only last two years. What more; the present global data output is approximately 2.5 quintillion bytes per day. With the advancement of technology consistently, we become more and more linked, and surely these numbers will keep on expanding, undoubtedly.

Existing legislation is no longer sufficient to keep and administer personal data. To be direct, it only protects images, addresses, and names. In the bid to bring regulation up to speed with the present state of technology, the concept of GDPR will lengthen protection to cover a much wider range of personal data.

3. What sort of data does GDPR take as personal data?

GDPR has its own approved definition of the term ‘personal data’, and it reads as follows:

Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;


With this in mind, GDPR is designed to secure personal data such as genetic info, IP addresses, and biometric data relating to facial recognition and fingerprints.

4. What demography or set does GDPR really impact?

GDPR applies to any organization or business, in or out of EU that provides products or services to clients within the EU area. Bearing this in mind, it means almost every major company across the world has to plan for GDPR compliance or else risk to face the penalties or fines. Let’s note here also that it is not necessary for a financial transaction to take place before GDPR is applied.

One more vital area with GDPR is the model of data controller versus data processor. Below is an explanation of this:

Data Controller: This is an agency, individual, public institution or some other authority which, on its own or jointly with others, regulates the purposes & means of personal data processing.

Data Processor: This is an agency, individual, public institution or some other authority which processes personal data for the controller.

To explain in other words:

Data Controller: This is someone that controls and is liable for collating and utilizing personal data. To be a data controller, this goes with severe legal responsibilities, thus it is vital that you know whether these rules apply to you as a person or to your company as an entity. If you are unsure, we advise that you reach out to a legal advisor or consult with the Data Protection Commissioner.

Data Processor: This is someone or company that holds or processes personal data, however doesn’t have accountability for or control over it. Instances of these comprise accountants or payroll companies.

This peculiarity is vital for a few causes. Within GDPR, a controller holds majority of the obligation should their company experience a breach. And the processor’s chief duty would be to ensure that any controllers they work with are compliant with GDPR.

If you wish to find out more about controllers and data processors, you can simply check out the official website of GDPR.

5. Being GDPR compliant, what does it mean?

For a business to be GDPR compliant, they will be required to abide by the following key principles:

  • Data must be processed legitimately, impartially, and in a clear way
  • Data can only be collated for indicated, clear, and legitimate reasons
  • The data scope must be sufficient, significant, and limited to what is required
  • It must be correct & up-to-date
  • Data can only be kept for the entire time needed and no lengthier
  • Data must be processed in ways that guarantees correct security of the personal data

We advise that you capitalize in compliance training & legal knowhow if your enterprise falls within GDPR. With this, there will be little room for mistake and will offer you tools you require to secure yourself and clients.

6. If you are not GDPR compliant, what happens?

Businesses that fail to be GDPR compliant will face severe administrative procedures and serious penalties. These come in 2-tiered system, meaning that the more severe the breach, the more grave the consequence.

The extreme penalty is 4 percent of an organization’s global annual revenue or 20 million euros, whichever is uppermost. The lower step of violations can result in an extreme of 2 percent of their yearly worldwide revenue or 10 million euros.

7. What is the precise time that GDPR will officially go into implementation?

GDPR will go into implementation by May 25th, 2018. During this period, any business that doesn’t provide the required level of data protection will receive a penalty.

8. GDPR and its meaning for my customers

GDPR objective is to help secure the personal data of consumers and residents. As such, your EU clients have 8 major rights under the ruling. These are as follows:

The right to be educated! Businesses must be wholly transparent in how they utilize personal data.

The right of entry! Individuals will have the access to know precisely what info is held about them & how it is treated.

The right of restructuring! Individuals will be eligible to have personal data corrected if it’s imprecise or partial.

The right of expurgation! This is also known as ‘the right to be forgotten’ and refers to a person’s right to have their personal data erased or expunged without the need for any particular reason.

The right to limit processing! This refers to an individual’s right to overturn or block processing of their personal data.

The right to data transferability! This permits individuals to keep and reprocess their personal data for their own purpose.

The right to object! In some condition, individuals are permitted to object to their personal data being utilized. This comprises, if a business utilizes personal data for direct marketing purpose, or for historical & scientific research, or for task performance in the public interest.

Rights of automated profiling & decision-making! GDPR has put together – precautions to secure individuals against the risk that a possibly destructive decision is made without human interference. For instance, individuals can opt not to be the subject of a resolution where the magnitude has a legal bearing on them, or is contingent on automated processing.

9. What does GDPR mean for INFODATASPHERE and our clients?

Along with every other business that is affected by this regulation, INFODATASPHERE will be GDPR compliant officially by May 25th, 2018. What this means is that our secure B2B contact database will fully meet personal data privacy requirements as stipulated by GDPR. Likewise, we advise that INFODATASPHERE clients and partners who use, process or control personal data of persons within the EU get ready for the GDPR.

Making it simpler for our clients and partners to comply with this regulation, INFODATASPHERE now provide the choice to choose a default data-set that excludes contact info for individuals recognized as EU citizens. This functionality offers our users the capacity to stay compliant while utilizing our products and services.

For more info about INFODATASPHERE GDPR compliance or to access our GDPR compliant data, please contact us now!

Contact us


Melville Broadhollow 200 Broadhollow Road,
Suite 207, Melville, New York, 11747