GDPR compliance: key concepts for you and your clients

GDPR compliance can be convoluted with the various intricacies that the legislation stipulates, so in this article we’ll simplify the compliance process by looking at GDPR key concepts that concern you and your clients.

There are 5 key concepts that we’ll look into:

  • Personal data
  • Consent
  • Penalties
  • Supervisory authority
  • Data breach

Personal data

Come on, you already know this one. Even so, it is worth defining what is and is not personal data: it is any information that identifies a person, whether directly or indirectly.

That is, everything that can allow you to be recognised or found is personal data. Your name, identifying documents, address, phone number, and even demographic or medical data are all personal data.


Consent

Maybe someday we will live in a world where the fact that consent is sacred will not have to be repeated in different areas, but for the moment we do not. Therefore, consent is one of the points on which the GDPR has placed the most emphasis.

Previously, a user could be treated as having accepted a clause unless they said otherwise. We could even find pre-marked boxes that we often forgot to uncheck, right? Well, this is something that can no longer happen. The express consent of the user is required for it to be legal to possess their data.


Penalties

You definitely know this word. But you may not be aware of exactly how much the penalties for non-compliance with the GDPR can amount to.

The established fines are common throughout the EU and can reach, if you have behaved very badly, 20 million Euros or up to 4% of your company’s revenue, if the second amount is greater than the previous one.

Seeing these numbers, the best advice we can give you, as we always do, is to respect the regulations.

Supervisory authority

This concept is closely related to the previous one. A supervisory authority is an independent figure that is established by an EU member state and is responsible for ensuring GDPR compliance.

In each country, one or more supervisory authorities may be appointed. So, now you know that there is a keen eye keeping track of all data.

Data breach

A data breach is an unequivocal sign that something has gone wrong. It means that the imaginary fence that protects your clients’ data is not strong enough.

If you suffer one, the person responsible must notify the relevant supervisory authority within a maximum of 72 hours.

Would you like some more?

We hope we have helped you along the path to GDPR compliance by defining these five key concepts. But, above all, we hope to have made you want to delve deeper and find out everything related to the General Data Protection Regulation.



Article written by

Lisa Hofmann

Lisa is a TÜV-certified data protection officer at Pridatect, where she is responsible for product development of the international data protection platform. A law graduate, she has spent more than 6 years implementing and running data protection programmes as an internal data protection officer at various companies. She is passionate about making data security easily accessible to every company through innovative technical solutions.
