Compliance Guide

GDPR Compliance Guide for SMEs

Everything you need to know about GDPR compliance for your cybersecurity assessment

What is GDPR?

The General Data Protection Regulation (GDPR) is the EU's comprehensive data protection law; it has applied since May 25, 2018. It covers organizations established in the EU, and also organizations outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU, regardless of where the organization is located.

Data Protection Rights

Right to access, rectification, erasure, and portability

Consent Requirements

Consent must be freely given, specific, informed and unambiguous, signalled by a clear affirmative action, and as easy to withdraw as it was to give

Breach Notification

Notify the supervisory authority within 72 hours of becoming aware of a personal data breach (unless it is unlikely to result in a risk to individuals), and notify affected individuals without undue delay where the breach is likely to result in a high risk

Privacy by Design

Built-in privacy protection measures

Penalties & Fines

Lower Tier Violations

Up to €10M

Or 2% of annual global turnover, whichever is higher

  • Inadequate data processing records
  • Failure to notify the supervisory authority of a breach
  • Insufficient data protection impact assessments

Higher Tier Violations

Up to €20M

Or 4% of annual global turnover, whichever is higher

  • Processing without a legal basis
  • Violating data subject rights
  • Unlawful international transfers