
GDPR Solutions

Attorney-level compliance solution

QuikSite sets up a hosted GDPR Privacy Policy solution that is constantly updated by 3rd parties. Using our knowledge of the 3rd party applications connected to your website and how they are used, QuikSite customizes a policy based on modules that are individually updated as needed. You do not need to update your Privacy Policy manually because it is already done through the hosted solution.

The GDPR Policy is also integrated with a Privacy Policy, a Cookie Policy, and Consent Banners which may be required as part of GDPR compliance.

Legal Requirements

GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679). At its most basic, it specifies how personal data should be lawfully processed (including how it’s collected, used, protected or interacted with in general). It’s intended to strengthen data protection for all people whose personal information falls within its scope of application, putting control of personal data back into their hands.

This scope effectively covers almost all companies, which means that the GDPR can apply to you whether your organization is based in the EU or not. As a matter of fact, a PwC survey showed that the GDPR is a top data protection priority for up to 92 percent of U.S. companies surveyed.

A common misconception is that only EU users are covered by the protections of the GDPR; however, those protections also extend to users outside the EU if the data controller is EU-based. Therefore, if you are an EU-based data controller you must, by default, apply GDPR standards to ALL your users. The GDPR became fully enforceable on May 25th, 2018.

Cross-border Data Transfers

The GDPR permits data transfers of EU resident data outside of the European Economic Area (EEA) only when in compliance with set conditions. Under these conditions, the country or region the data is being transferred to must have an “adequate” level of personal data protection by EU standards. Where the level of protection is not considered adequate, transfers may still be allowed through the use of standard contractual clauses (SCCs) or binding corporate rules (BCRs).

With regard to data transfers to the US, all transfers require either that the data processor adhere to the EU-US Privacy Shield or that informed consent is received from the user (in which case the consent must be given on the basis of sufficiently precise information, including information on the lack of protection in the third country).

Consequences of Non-Compliance

The legal consequences for non-compliance can include fines up to EUR 20 million (€20m) or 4% of the annual worldwide turnover (whichever is greater), but perhaps equally concerning are the other potential sanctions that may be implemented against organizations found to be in violation. These sanctions include official reprimands (for first-time violations), periodic data protection audits and liability damages.

The GDPR gives users the explicit right to file a complaint with a supervisory authority if they feel that any processing of their personal data was done in violation of GDPR regulations. For example, if a report is made to the authority about an instance of regulatory violation, the authority may choose to perform an audit of the organization’s data processing operations. If it’s found that some processing activity was done unlawfully, not only is a fine imposed, but the organization may be forbidden from making further use of both the data of the inquiry and data acquired using similar mechanisms. This means that if the improper use concerned email address collection, the organization risks being barred from using the entire associated email list.

The GDPR also gives users the right to compensation for any damages resulting from an organization’s non-compliance with regulations, thereby leaving violators open to potential litigation.