General Data Protection Regulation
What you need to know


What is GDPR?

The General Data Protection Regulation is a new data privacy law that aims to protect and empower the rights of the EU citizens regarding how their personal data is used.

The GDPR will strengthen individuals' rights and will impact all organizations across the region processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location.

The European General Data Protection Regulation came into force on May 25, 2018.

What does
it mean
for your

The GDPR applies to any organization inside or outside the European Union who is offering goods or services to, and/or tracking the behaviors of EU citizens. That means that if you do business with Europeans that involves the processing of their personal data, this legislation applies to you.

Key Challenges

The new regulation impact businesses in many ways. Privacy and data protection will be part of a company’s core requirements leading the way in data collection and storage.

All organisations should properly prepare and comply with the new policies, otherwise they can be fined up to 4% of annual global turnover or €20 Million. It is important to note that these rules apply to both data controllers and processors.


As privacy plays a key role in earning customers’ trust, the GDPR is a great opportunity to connect and re-engage with your customers. How? Businesses can deliver customer experiences that are informed by their understanding of customers’ behavior and preferences.

Data and analytics leaders can use GDPR changes to increase the value of data and enable greater flexibility and agility in accessing them.

QIVOS’ commitment & preparation

QIVOS has taken steps to ensure compliance with the GDPR, including:


Consulting with an outside advisor team to assess QIVOS’ current policies & practices

Organizational compliance

Optimizing & ensuring the appropriate technical and organisational measures implementation

Data mapping

Mapping the data flow


Implementing an audit procedure

Refining Contracts

Ensuring that all contracts have appropriate clauses regarding the collection & use of personal data


Implementing repeated mandatory Information Security & Data Protection training sessions for staff

Related resources

Getting Ready for GDPR

The European GDPR deadline is officially set for May 25, 2018, forcing every business that is collecting, handling and analyzing personal data in the European Union to be GDPR-compliant by that date. Find everything you need to get prepared for the GDPR on our latest blog post.

Read more

*Note: The information contained in this page is for general guidance only. This is not legal guidance for any GDPR compliance obligations.

How to become GDPR compliant

Find out how QIVOS can support your GDPR compliance efforts