Over $100 Million raised and invested for innovative and disruptive companies via Reg CF, Reg D and Reg A offerings.


What is GDPR? Everything entrepreneurs need to know

  • May 22, 2018
  • 3 min read

Thanks to the wealth of emails sent out by the various tools and services you use, you’ve likely realized that the EU recently passed a new regulation for user privacy.

If you haven’t taken the time to read any of those emails, you could be in for a surprise. So what is GDPR? And why you should care about it:

First off, what is GDPR? And what does it stand for?

GDPR 2018 stands for General Data Protection Regulation and will take in effect on the 25th of May 2018. It’s a new regulation that will take place across the EU, with increased user privacy and strict, severe punishments for companies that fail to protect personal data.

Who does this affect?

Any company that sells to customers in the EU, including US and UK based companies.

How is user privacy changing?

The big change for companies will involve their data collection process and infrastructure. Everything from what is collected, where it is collected, how the data is used, and how it is secured is covered in GDPR 2018.

Tracking will still be allowed, but companies need to be careful that they are doing it in the correct way. You will need to get a user’s explicit consent and provide them with the ability to opt out at any time. Additionally, this consent must be asked for in simple language and exclusive from other asks (such as opting in to receiving marketing emails)

As an example, a proper email collection form should now have two checkboxes asking consent. One to opt into marketing and sales emails and the other to provide consent for the collection and usage of their data.

7 Key Points to Keep in Mind

While you should definitely read the full document, you won’t be alone if you fell asleep during the second page! Don’t worry, we’re here to answer all your “What is GDPR?” questions. There are 7 main points that GDPR emphasizes:

  1. User consent to tracking and the ability to opt out at any time
  2. Data breach notifications within 72 hours of a breach
  3. The user’s ability to access their own data
  4. The right to be forgotten, so at any point a customer can permanently delete all of their own data
  5. Data portability, or the right for a consumer to download and reuse the data elsewhere
  6. Emphasis on companies doing the most to protect consumer data
  7. Companies with over 250 employees must appoint a data protection officer.

Severe Penalties for Companies Which Don’t Comply

One of the biggest reasons companies will need to take GDPR seriously is the severe fines which would apply in the event of a breaching of these regulations. Companies that misuse data are able to be fined €20 million, or 4 percent of turnover — whichever is larger.

This fine could easily cripple a small business, and put a large hurting on even larger businesses. This means that it’s critical for you and your business to adhere to these regulations.

Useful links for GDPR 2018:

Arora Project is a full service marketing agency featuring a 100% success rate for crowdfunding campaigns. Interested in working with us? Explore how we can help your business.

Join Our Equity Investor Network

Members gain exclusive early access to investing opportunities and discounted valuations.