General Data Protection Regulation

Effective as of May 2018, the EU's General Data Protection Regulation (GDPR) is said to bring about the most profound change to European data security in 20 years. It applies to any organization operating from the EU or offering goods or services in the EU.


By introducing new ways to collect, store and process data, GDPR aims primarily at giving natural persons better control over their own information. In so doing, it also obliges multinational companies to follow new strict rules (GDPR principles) as to dealing with the data.

Business changes triggered by GDPR

Privacy by design (ensuring data security)

New information duties and procedures

Breach notification schemes

Methods of data collection

Exercise of individual rights (right to be forgotten or right to rectify the data)

Data portability

Accuracy of stored data

Storage limitation

Comarch answer to GDPR

Compliance with norms and regulations is essential for the proper running of the business and for building company-client trust. Comarch provides a wide range of services helping you understand the scope in which GDPR affects your organization - and, most importantly, meet the regulation's vast requirements

Some of GDPR principles that must be adhered to in relation to individuals are the "right to be forgotten", data portability, or refusal to be profiled. First part of them refer to deleting a person's data on their request, and transferring it from one entity to another - in case the person so wishes.  Another new requirement is to inform an individual about who has been given (unauthorized) access to their data, for what purpose and for how long. All is aimed to ensure data security.


GDPR is coming in order to make Europe "fit for the digital age" - as the European Commission puts it. For this reason the regulation covers a wide range of online communication channels including internet telephony or instant messengers, and introduces additional rules for marketing via these channels. It also considers an IP address personal data. The violation of GDPR's provisions may result in administrative penalties of up to EUR 20 million or 4% of annual turnover, whichever is higher.

Get in touch with us!

Keep your data secure. Stay GDPR-compliant. Let us assist you in that.