What is GDPR?


The GDPR was introduced in 2016 to reflect the large increase in personal data collected and stored by companies. How do you know you need to comply?

Well, if you hold data about your customers—even something as basic as an email list—you have to comply with GDPR. The same applies if you’re a bank, a start-up, a charity, or a blogger. The bottom line? If you have other people’s personal information, you should comply—just to be safe. So, are you wondering how you can safely collect data and be GDPR compliant as of 2023?

You must have sensed by now that we have a thing for explaining things starting with “how not to do it” examples, and that’s simply because we want to save you precious time. To put it simply, you have to ensure nobody on your list receives an email or newsletter they’ve never signed up for.


Now that you know what GDPR is, let’s look at the 3 steps you need to take to stay within the law:
  1. First, establish what rights you have to send marketing emails to your current marketing database. Was there opt-in consent? Were the subscribers given the right to opt out? Was there an unsubscribe link in every email sent to them? If you got consent, was it of the quality required under GDPR? If not, you need to get GDPR quality consent before sending your marketing emails. That means consent must be:
  • given freely 
  • specific
  • informed
  • unambiguous
  • able to be revoked


Consent is one of the easiest ways to avoid large GDPR fines because it allows you to do just about anything with the data, provided you clearly explain what you’re going to do with it and obtain explicit permission from the data subject.

No matter the size of the company, in the absence of solid consent, fines do happen. Google learned this by way of a €50 million fine as data protection authorities unraveled the company’s version of obtaining consent, which was neither “informed” nor “unambiguous” nor “specific.”

  2. Second, make sure that your privacy policy makes it clear to individuals how you use their personal data for marketing and how they can choose not to receive such marketing.
  3. Finally, you also need the right processes in place to ensure that any individuals who want to be removed from your databases get removed.


For more information regarding the implementation of GDPR in Romania, see the website of Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal.

An analysis powered by Digital Kitchen!