99 Controls

GDPR

General Data Protection Regulation

The GDPR is a comprehensive EU data protection law applying to organisations processing personal data of EU residents, regardless of the organisation’s location. It emphasises transparency, security, accountability, and data subject rights.

Ideal For

Companies with EU Customers
E-commerce
Marketing Platforms
Analytics Companies

What is GDPR?

GDPR applies to any organisation, regardless of location, that processes personal data of individuals in the European Economic Area (EEA). This includes companies offering goods or services to EU residents, monitoring the behaviour of EU residents, or employing people in the EU. Both data controllers and data processors are subject to GDPR obligations.

Key Requirements

Core areas of GDPR that organisations must address.

Establish a lawful basis for processing personal data
Uphold data subject rights (access, erasure, portability, etc.)
Conduct Data Protection Impact Assessments (DPIAs) for high-risk processing
Appoint a Data Protection Officer where required
Implement appropriate technical and organisational measures
Report personal data breaches within 72 hours

How GRCTrack Supports GDPR

Data subject rights management
Lawful basis documentation
DPIA templates
Cross-border transfer compliance
DPA templates
Breach notification workflows

Avoid Heavy Fines

GDPR fines can reach €20M or 4% of revenue.

Global Best Practice

GDPR often satisfies other privacy regulations.

Customer Confidence

Show EU customers you take privacy seriously.

Ready to Simplify GDPR Compliance?

Join hundreds of organisations using GRCTrack to manage compliance.