By Mira Suleimenova
Compliant data processing: the GDPR explained
The GDPR is the centerpiece of EU privacy law. It applies to the processing of all personal data, i.e. data, which can be attributed to a specific person.
After the initial access to the information on the end user device through cookies or other web trackers is established, all of your subsequent processing, e.g. forwarding usage data for reach measurement or targeted advertising, is no longer covered by the ePrivacy Directive and is to be measured solely against the standard of the GDPR.
Controller & Processor
If you operate a website, you are considered a controller within the meaning of GDPR regarding the processes you have influence on, namely the collection and transmission of personal data on your website. Therefore, you must thoroughly inform your visitors about the scope, purpose and legal basis of your data processing.
If you let another (natural or legal) person process the personal data on your website for you, this person is considered a processor under GDPR. In such cases, you must conclude a data processing agreement with your processors, which guarantees compliance with the GDPR level of data protection through sufficient technical and organizational measures.
Data processing legal bases & activities
The GDPR gives you more flexibility regarding the justification of your data processing than the ePrivacy Directive as there are more legal bases available. Commonly, data processing is based either on user consent, performance of contract or a legitimate interest. The pursuit of a legitimate interest comes into consideration only if the processing is necessary for your legitimate interests.
Please be aware that this only serves informational purposes and does not constitute legal advice.