Does it apply to you?

Whether you are a small business, an SME, a non-profit organisation, or self-employed, if you process data relating to individuals (clients, prospects, employees, users, etc.), the GDPR applies to you. This is not a choice, but a legal obligation for all organisations established in Europe — or targeting individuals located in Europe.

This means that even if you are based outside the EU (UAE, USA, Canada, UK, etc.), your organisation is subject to the GDPR if your product or service targets EU residents.

But what exactly is personal data?

Personal data is any information that can directly or indirectly identify an individual: name, email address, phone number, IP address, health data, banking details… These are the pieces of information entrusted to you by your clients, employees, or partners — and for which you bear the responsibility to protect.

Why is it important to act?

GDPR compliance is not just about avoiding administrative penalties (which can reach up to 4% of annual turnover). It is also:

• A mark of credibility and trust towards your partners and clients.

• A criterion increasingly scrutinised when signing contracts or bidding for tenders.

• A way to genuinely protect the individuals whose data you process — by reducing the risk of breaches, leaks, or misuse.