16. August 2022

Personal data

GDPR-compliant data processing explained

By Mira Suleimenova

Compliant data processing: the GDPR explained

The GDPR is the centerpiece of EU privacy law. It applies to the processing of all personal data, i.e. data that can be attributed to a specific person.
Once the initial access to the information on the end-user device through cookies or other web trackers is established, all of your subsequent processing, e.g. forwarding usage data for reach measurement or targeted advertising, is no longer covered by the ePrivacy Directive and is measured solely against the standard of the GDPR.

Controller & Processor

If you operate a website, you are considered a controller within the meaning of the GDPR for the processes you have influence on, namely the collection and transmission of personal data on your website. Therefore, you must thoroughly inform your visitors about the scope, purpose and legal basis of your data processing.

If you let another (natural or legal) person process the personal data on your website for you, this person is considered a processor under the GDPR. In such cases, you must conclude a data processing agreement with your processors that guarantees compliance with the GDPR level of data protection through sufficient technical and organizational measures.

Data processing legal bases & activities

The GDPR gives you more flexibility in justifying your data processing than the ePrivacy Directive, as there are more legal bases available. Commonly, data processing is based on user consent, performance of a contract or a legitimate interest. The pursuit of a legitimate interest comes into consideration only if the processing is necessary for your legitimate interests.

Please be aware that this only serves informational purposes and does not constitute legal advice.
