GDPR applies to your business if
at least one EU Member State is mentioned in the context of the proposed good or service
there is marketing activity in the EU
targeting people living in the EU
international nature of the activity, such as tourism
mention of addresses or telephone numbers for communication with users in the EU
delivery of goods is offered
demonstration of clients / cases from the EU
European domain (eu, de, nl, pl, es, etc.)
instructions on how to get to the place of service
Internal policy in the company, which regulates the actions of employees, in cases of requests from users on issues related to personal data protection
Signing a Data Transfer Agreement and a Data Processing Agreement between the company and each data processor (for example: developers in Ukraine, etc.).
All elements of external compliance;
Conducting Data Protection Impact Assessment;
Creating a complete package of internal policies in the company, regarding its processes and bringing such processes in line with such policies (including compliance with technical requirements, appointment of responsible persons in the company for specific processes).