
24/7 GDPR


The General Data Protection Regulation (GDPR) is a new European data protection regulation adopted by the EU Commission. It replaces the EU Data Protection Directive, also known as Directive 95/46/EC. The GDPR became effective on May 25, 2018; it strengthens the security of personal data and regulates personal data in the broadest sense. The GDPR applies to both individuals and businesses and regulates the way in which personal data of citizens of the European Union must be handled. We would like to answer some of the questions that we hear time and time again from our customers. We also want to give an update on what GELD DATA d.o.o. has done to ensure that you will be ready for the GDPR, and on the services we offer to help our customers meet their compliance obligations.


Our services

We are an EU-based advisory firm with experience in dealing with GDPR requirements in complex international environments and in personal data security management. Contact us to find out more.

International support

As a company with roots in Europe, GELD DATA is very much up to speed with the implications that the EU General Data Protection Regulation has for businesses. Any U.S. company that has identified a market in an EU country and has localized web content should review its web operations. Let us help you with 72-hour breach reporting, stronger consumer consent requirements and the risk of high fines.

DPO as a service (GDPR)

DPO as a service is a practical and cost-effective solution for organisations that do not have the requisite data protection expertise and knowledge to fulfil their data protection officer (DPO) obligations under the General Data Protection Regulation (GDPR). By outsourcing DPO tasks and duties to a managed service provider, you get access to expert advice and guidance that helps you address the compliance demands of the GDPR while staying focused on your core business activities. Enquire about this service now.

Competitive rates

The maximum fine for companies in breach of the GDPR will be $21.5 million, or 4 per cent of annual revenue, whichever is higher. Our rates are much cheaper. 


If you need a response, we are here for you 24/7. It is imperative that the business in question acts urgently to become compliant. Demonstrating strong data rights management is important to both customers and employees: they should understand why the data is collected and on what legal basis it is handled. Current business data processes need to be reviewed as an immediate priority so that the company does not risk non-compliance penalties.

Quality protection

Our team has extensive experience with both US and EU privacy regulation. To help our clients deal with multiple privacy requirements simultaneously, we specialise in designing and implementing personal data management systems: comprehensive combinations of organisational structures, assigned responsibilities, and organisational and technical controls designed to fit the organisation and merge with its existing risk and compliance management processes. Our multidisciplinary team of experienced legal and information security experts has extensive experience in GDPR implementation for organisations of various sizes doing business in a number of industries.


Most businesses today, especially innovative ones, collect and process personal data. We appreciate the privacy needs of GELD DATA users as well as their customers and, as such, have implemented, and will continue to improve, technical and organisational measures in line with the GDPR to safeguard personal data.


The GELD DATA team combines business, technical and legal expertise and experience to provide best-in-class IT risk and compliance services to its clients.

International transfers of personal data

When personal data is transferred outside the European Economic Area, special safeguards are provided to ensure that the protection travels with the data.

The reform of EU data protection legislation adopted in 2016 offers a diversified toolkit of mechanisms for transferring data to third countries: adequacy decisions, standard contractual rules, binding corporate rules, certification mechanisms, codes of conduct, so-called "derogations", etc.

01. EU-US Privacy Shield

The EU-US Privacy Shield decision was adopted on 12 July 2016 and the Privacy Shield framework became operational on 1 August 2016. This framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes. The framework also brings legal clarity for businesses relying on transatlantic data transfers.

02. Adequacy decisions

The European Commission has the power to determine, on the basis of Article 45 of Regulation (EU) 2016/679, whether a country outside the EU offers an adequate level of data protection, whether through its domestic legislation or through the international commitments it has entered into.

03. International data transfers using model contracts

The European Commission can decide that standard contractual clauses offer sufficient safeguards on data protection for data to be transferred internationally. It has so far issued two sets of standard contractual clauses for data transfers from data controllers in the EU to data controllers established outside the EU or European Economic Area (EEA). It has also issued one set of contractual clauses for data transfers from controllers in the EU to processors established outside the EU or EEA.

04. What are Data Protection Authorities (DPAs)?

DPAs are independent public authorities that supervise, through investigative and corrective powers, the application of data protection law. They provide expert advice on data protection issues and handle complaints lodged against violations of the General Data Protection Regulation and the relevant national laws. There is one in each EU Member State. Generally speaking, the main contact point for questions on data protection is the DPA in the EU Member State where your company/organisation is based. However, if your company/organisation processes data in different EU Member States or is part of a group of companies established in different EU Member States, that main contact point may be a DPA in another EU Member State.

05. What are binding corporate rules?

Binding corporate rules are internal rules for data transfers within multinational companies. They are similar to a code of conduct: they allow multinational companies to transfer personal data internationally within the same corporate group to countries that do not provide an adequate level of protection, while ensuring that all data transfers within the corporate group remain safe.

06. What is happening across the world?

The GDPR is now the strongest data protection regime in the world, leading many to hope that it will set a 'gold standard' for other jurisdictions. Globally, there is increasing growth in data protection laws, many of which have been modelled on comprehensive guidelines or regulation such as the EU Directive mentioned above or the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. According to the UNCTAD data protection tracker, over 100 countries around the world now have data protection laws in place.


The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The GDPR applies not only to organisations located within the EU but also to organisations located outside the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location.

Organisations can be fined up to 4% of annual global turnover or €20 Million for breaching the GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core Privacy by Design concepts. There is a tiered approach to fines: for example, a company can be fined 2% for not having its records in order (Article 28), for not notifying the supervising authority and data subject about a breach, or for not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors, meaning that 'clouds' are not exempt from GDPR enforcement.

The GDPR applies to 'personal data', meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier. This definition allows a wide range of personal identifiers to constitute personal data, including a name, identification number, location data or online identifier, reflecting changes in technology and in the way organisations collect information about people.

Yes. If you offer your goods or services to any EU residents, then you must comply with the GDPR.


DATA CONTENT is here to provide you with more information, answer any questions you may have and create an effective solution for your needs.

Address Selska 90A,
10000 Zagreb, Croatia
Phone number +385 91 11 11 007
Toll free +38515001019