What is GDPR?
GDPR is the EU's personal data protection regulation. In short, GDPR sets the framework for how organizations collect, use, store and share personal data (anything that can identify a person – e.g. name, email, photo, IP address).
Why it matters: If you have customers, employees, candidates or web visitors in the EU/EEA, GDPR applies regardless of whether you are based in the Nordics or deliver to EU markets.
The basic idea – without legalese
GDPR asks you to:
- Be clear and fair about what you collect and why
- Collect only what is necessary, keep data accurate, and delete it when the purpose is achieved
- Protect data from loss and misuse
- Be able to document that you comply with the rules
These points correspond to the principles: lawfulness, fairness & transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity & confidentiality; and accountability.
5 everyday examples (and what GDPR expects)
- Newsletters: Tell subscribers what they get and how to unsubscribe; don’t add people to other lists without a valid reason.
- Recruitment: Set deletion deadlines for applications; limit who can see them.
- CCTV at reception: Set up signage, set retention periods and control access.
- Customer service tickets: Save only what is necessary to resolve the issue; avoid copying sensitive data in chat tools.
- Employee photos on intranet: Use a legal basis (often legitimate interest); provide the option to opt-out where appropriate.
Roles and agreements
- Data controller: determines the purpose and means (e.g. your company running payroll).
- Data processor: processes data on your behalf (e.g. your payroll provider).
Always create a data processing agreement (DPA) with suppliers.
What GDPR is not
- Not just “consent”. There are six lawful bases for processing – consent is only one.
- Not just an IT project. HR, Marketing, Sales and Finance also work with personal data.
- Not a one-off task – it’s ongoing governance.
Three quick next steps
- Map data per department: What is collected, why, where is it stored, who has access, and how long is it stored?
- Choose legal basis + retention: For recruitment, CRM, CCTV, cookies etc.
- Train everyone so everyday decisions match the rules and can be documented for audit.
Get your entire organization up to speed – fast
Grape’s GDPR course gives the team a handle on the most important things in 30 minutes. It is available in Danish and English and is developed in collaboration with Hopp & Partners as 7 focused modules. The course can be customized to your organization to fit your policies and context.
That’s why customers choose it: easy startup, content from leading experts, and the ability to customize, so you can both raise knowledge levels and document training.