GDPR resources

The new data protection legislation is in effect! Are you compliant?

Answers to key GDPR questions

What is GDPR?

GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for EU residents. This legal framework replaces the current EU Data Protection Directive (95/46/EC) with additional requirements that you need to be aware of. The new EU data protection regime extends the scope of the EU data protection law to all companies even outside the EU when they process data of EU residents.

About GDPR for B2B and B2C

GDPR makes no distinction between B2B and B2C and applies for both of them. Even though PECR (Privacy and Electronic Communications Regulations) allowed soft opt-out approach in email marketing, the new ePrivacy Directive is under review and is going to align with the GDPR.

When will GDPR be enforced/applied?

GDPR will officially apply from 25th May 2018, at which time those companies or organisations in non-compliance may be subject to fines.

Who does GDPR apply to?

GDPR applies to persons and entities of all sizes that process personal data of EU residents, regardless of where they are based. These regulations apply to both data controllers and data processors, including third parties such as cloud providers.

Where does GDPR apply?

It applies to all 28 EU member states and to entities and organisations outside the EU when processing the data of citizens within it.

Does Brexit affect the ruling of GDPR?

No. GDPR comes into effect before the UK officially leaves the European Union on March, 29th 2019. An equivalent set of data protection regulations need to be in place to continue trading with the EU.

What is the fine for non respect with the GDPR?

The maximum penalty for organizations in non-compliance with GDPR can be up to €20 million or 4% of annual global turnover, whichever is greater. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment.

GDPR resources

Hermes with a sward ready to fight

GDPR SOS kit for marketers

GDPR came into effect in May 2018, and still a large number of small-to-medium size companies are still not sure, or not confident, they are GDPR compliant...

Read more

Hermes defending the private sign

Email compliance audit: GDPR, CAN-SPAM, and CCPA

If a historian was ever to document the story of email marketing, we suspect they would look at it from the perspective of before-GDPR and after-GDPR. GDPR wasn’t...

Read more

Hermes and a Goddess panic while being recorded next to a three-headed dog

Data privacy and security at Mailjet

We just introduced Pathwire, our new parent brand to bring together our Mailgun and Mailjet product sets. While we’re very excited with...

Read more

It's never been easier to build connected experiences. Start sending today.Get started on your path
CTA icon