If you do business in Europe, you need to know about GDPR

Feb 16, 2018 · 2 min read
Aricka Flowers

An explainer on the European Union’s General Data Protection Regulation, which is set to take effect in May 2018.

If your company handles the personal data of EU residents, whether through offering goods and services or otherwise, there is a good chance it will need to comply with the European Union’s General Data Protection Regulation (GDPR).

The law takes effect on May 25, 2018 and replaces the EU’s 1995 Data Protection Directive. It is meant to give EU residents more control over their personal data, specifically over how it is collected, controlled, and processed. As a result, companies that control and/or process the personal data of EU residents, whether for their own purposes or on behalf of another business, will be required to adhere to GDPR standards.


What counts as personal data?

Personal data covers a wide range of information, including social security numbers, gender, location, ethnicity, online identifiers, and genetic or biometric markers such as fingerprints and facial-recognition data.

What are data controllers?

A controller is a company or organization that determines the purposes for which, and the manner in which, personal data is processed.

Controllers can also be processors.

What are data processors?

A data processor handles the personal data a controller has collected, processing it on the controller’s behalf.

What do companies need to do to be compliant?

Companies are advised to carry out data discovery activities, such as data mapping and a gap analysis, to get an accurate picture of the amount and nature of the personal data they control and process. A recent report from Forrester warned against approaching GDPR readiness with a fragmented framework that relies heavily on IT for specific compliance requirements (for example, focusing only on data breach notifications), stating that such tactics are “short-sighted, and most likely will need radical revision after the enforcement of GDPR rules start in May.”

Failure to comply with the GDPR requirements can result in serious penalties. In the worst-case scenario, the fine is €20 million or 4 percent of the company’s total global revenue for the previous year, whichever is greater.

For a more detailed look at the law and how organizations can ensure they’re compliant, check out GitLab’s GDPR page.

Cover image licensed under CC0 1.0
