GDPR Compliance in 2020 – Still required?

The European Parliament adopted GDPR, a user data protection plan, in 2016 and put it into effect in 2018. Since then, many businesses have transitioned into compliance. The General Data Protection Regulation gives EU residents protection rights and privileges concerning their data.

Although designed to protect the data rights of EU citizens, GDPR applies to companies all over the world. All businesses are required to ensure that consumer data is gathered legally and handled responsibly to avoid exploitation of the data owners’ rights. Non-compliance attracts hefty fines of up to €10 million or 4% of the company’s annual global turnover.


Does GDPR Apply to My Clients’ Business?


The General Data Protection Regulation applies to your clients if:


Your Clients Process Data: You may have heard cloud platforms and service providers argue that GDPR does not apply to their business because they do not control or create data. However, non-EU service providers must conform if their platforms include EU citizens.


Your Clients Intentionally Sell to EU Citizens: An online business selling products outside the EU might not be required to comply with GDPR if its products unintentionally end up being purchased by an EU citizen. However, if the business purposefully targets EU buyers, it is required to comply with GDPR.


Your Client Tracks EU Citizens: The point of GDPR is to protect individuals from losing their data. Whether there are financial transactions involved or not, if your client’s business knowingly tracks EU citizens, it is required to be compliant.


Your Clients Have Stable EU Representation: Stable representation means the business has agents, employees, or branches operating from or living in the EU. Any business that has enduring ties to an EU location must be compliant with GDPR rules.


When is GDPR Inapplicable?


There are only two exemptions to GDPR.


If the business is accessible by citizens in the EU but has no connection with the EU, then your client is exempt from GDPR. If your clients’ business website is accessible to buyers in the EU, it is not necessarily GDPR liable.


If your clients’ buyers travel to the EU, GDPR does not apply to the business. If a business targets individuals outside the EU and the buyers travel or receive goods in the EU, it is exempted from the GDPR rules.


How Do You Make Your Clients’ Websites GDPR Compliant?


The GDPR requires site owners to have explicit consent from visitors concerning collecting, storing, processing, and sharing their data. This means your client’s website cannot request consent using hidden, vague, or blanket wording, pre-checked boxes, or consent-by-default forms. The site must obtain consent separately, and visitors must be allowed to withdraw permission at any time.


Other requirements include:


  • Visitors must know the site is collecting data.
  • Website owners must protect their visitors’ privacy using robust data protection plans.
  • Visitors must be able to access their data and even transfer it to another merchant.
  • In case of a data breach, the website owner must inform users within 72 hours and give them the right to completely delete their data.


If you’re still unsure whether GDPR compliance is required in 2020, the simple answer is yes. If your clients fall under any of the categories listed above, they are still required to comply with the rules or risk hefty fines. To find out more about how your agency can help its clients get and remain GDPR compliant, contact us on 01257 758 078 or email us at