
On May 25, 2018, the General Data Protection Regulation (GDPR) became applicable across the EU (it had formally entered into force in May 2016, with a two-year transition period). It covers every organization that processes personal data, regardless of size or sector, and non-compliance can lead to fines of up to €20 million or 4% of global annual turnover, whichever is higher. A personal data breach that is not handled and reported properly is one of the most common ways to incur them.
This regulation, approved by the European Parliament on April 14, 2016, aims to strengthen the protection of personal data and define how organizations use, store, and process it. It grants individuals new rights and imposes stricter obligations on companies.
Here are some of the key obligations introduced by GDPR that every company should understand.
Territorial scope of the regulation
Unlike previous legislation, which was often ambiguous, GDPR applies to any organization established in the EU that processes personal data, and also to organizations outside the EU that offer goods or services to individuals in the EU or monitor their behaviour there, wherever the processing itself takes place.
Non-EU organizations in that second group must generally designate a representative within the EU (Article 27). The only exceptions are public authorities and organizations whose processing is occasional, does not involve special categories of data on a large scale, and is unlikely to pose a risk to individuals.
Explicit consent for data processing
The rules around consent have become stricter. From May 2018 onwards:
- Consent must be requested in an intelligible, clear, and easily accessible form.
- Plain language must be used to specify how data will be processed.
- Revoking consent must be as easy as giving it.
This reinforces the consumer’s right to transparency and control over their personal information.
Mandatory breach notifications
Previously, only sectors such as telecoms were required to notify breaches. Under GDPR, every organization acting as a controller must report personal data breaches, and every breach must be documented internally whether or not it is reported.
- The supervisory (data protection) authority must be notified without undue delay and, where feasible, within 72 hours of the controller becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. If notification takes longer than 72 hours, the reasons for the delay must be given.
- Affected individuals must be informed without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
- A processor that discovers a breach must notify the controller without undue delay, so the 72-hour clock is not consumed by the processor.
In this context, registered email becomes an essential tool. It allows companies to prove that notifications were sent in a timely and compliant manner, generating legally valid evidence.
The role of the DPO (Data Protection Officer)
The Data Protection Officer (DPO) is a central figure in GDPR compliance. Their responsibility is to oversee data protection strategies and ensure compliance.
When is appointing a DPO mandatory?
- For public authorities and bodies (except courts acting in their judicial capacity).
- For any organization, regardless of size, whose core activities consist of regular and systematic monitoring of individuals on a large scale (e.g., behavioural tracking or profiling).
- For any organization whose core activities consist of large-scale processing of special categories of data (e.g., health, genetic or biometric data, or data revealing ethnic origin, political opinions or religious beliefs) or of data relating to criminal convictions.
GDPR sets no employee-count threshold for this obligation. The 250-employee figure that is often quoted relates only to the exemption from keeping records of processing activities (Article 30), and even that exemption does not apply when processing is not occasional, is likely to pose a risk, or involves special categories of data.
FAQs about GDPR and Registered Email
What is the maximum fine for GDPR non-compliance?
Fines can reach €20 million or 4% of global annual turnover, whichever is higher.
How does registered email help with GDPR compliance?
Registered email provides irrefutable proof of notifications, consent requests, and breach communications, ensuring companies can demonstrate compliance to authorities.
Is a DPO mandatory for all companies?
No. A DPO is required for public authorities and bodies, and for any organization, whatever its size, whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data. Other organizations may appoint one voluntarily.
Conclusion: Strengthen GDPR compliance with eEvidence
GDPR compliance is not optional. Companies must adapt to its strict obligations on consent, breach notifications, and data processing.
Using eEvidence Registered Email allows you to prove compliance, avoid disputes, and minimize the risk of severe fines.
Ready to get started?
Contact us to share your business project, or register now to start trying our services today.