RemotePad Logo

What is an Employer of Record

How to hire globally with an EOR

What is a Global PEO

An alternative to EOR

What is a PEO

Hire locally with a PEO

Our Methodology

Why you can trust our guides

Hire Globally

Find international talents

Outsource Recruitment

How to outsource recruitment

Work Visas

How to get a work visa

Digital Nomad Visas

Get a digital nomad visa

Best Employer of Record (EOR)

Hire globally with the best EOR companies

Best Global PEO

Discover the best international co-employers

Best PEO Companies

Save on payroll and HR costs

Best Global Payroll Providers

Outsource international payroll

Best Relocation Services

Relocate employees internationally

All Reviews

Compare all providers

Where do you need a service provider?

All Countries

Explore our detailed guides for professional advice on international growth, recruitment, compensations strategies, and a curated list of top service providers.

GDPR Policy​

The General Data Protection Regulation (GDPR) is a comprehensive data privacy regulation in the European Union (EU) that governs the collection, use, and protection of personal data. It became enforceable on May 25, 2018. Below is an overview of the key components and content of GDPR:

illu side
  1. Scope and Application: GDPR applies to the processing of personal data of individuals in the European Union, regardless of where the data controller or processor is located. It also applies to organizations outside the EU if they process data of EU residents.

  2. Data Protection Principles: GDPR outlines several fundamental principles for data processing, including lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality (security); and accountability.

  3. Data Subject Rights: GDPR grants several rights to data subjects (individuals whose data is being processed). These rights include the right to access, rectify, erase (“right to be forgotten”), restrict processing, data portability, and object to processing.

  4. Lawful Basis for Processing: Organizations must have a lawful basis for processing personal data, such as consent, contractual necessity, legal obligation, vital interests, legitimate interests, or public task.

  5. Consent: If an organization relies on consent as the legal basis for processing, it must be freely given, specific, informed, and unambiguous. Data subjects have the right to withdraw consent at any time.

  6. Data Protection Impact Assessments (DPIAs): DPIAs are required for processing that is likely to result in a high risk to data subjects’ rights and freedoms. They help organizations assess and mitigate risks.

  7. Data Protection Officers (DPOs): Some organizations are required to appoint a Data Protection Officer responsible for ensuring compliance with GDPR.

  8. Data Breach Notification: Organizations must report data breaches to the appropriate supervisory authority within 72 hours of becoming aware of the breach, and in certain cases, notify affected data subjects.

  9. International Data Transfers: GDPR regulates the transfer of personal data outside the EU, requiring safeguards such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).

  10. Accountability and Record-keeping: Organizations must demonstrate compliance with GDPR through documentation, policies, and procedures.

  11. Penalties: GDPR imposes significant fines for non-compliance, with fines of up to €20 million or 4% of the global annual turnover, whichever is higher.

  12. Data Protection by Design and Default: Organizations are encouraged to implement data protection measures from the outset of designing systems or processes.

It’s important to note that GDPR is a complex regulation, and compliance can vary depending on the specific circumstances of an organization. Many organizations seek legal counsel or data protection experts to ensure they are in compliance with GDPR to protect the privacy and data rights of individuals. This summary provides an overview, but detailed legal advice and expertise may be needed for full compliance.