What is data protection and why does it matter?

Data protection is governed by local laws, including the EU General Data Protection Regulation (EU GDPR) which took effect on 25 May 2018.  Data Protection law is the regulation over the access to and use of personal data which is collected, processed and stored by automated means or in a structured filing system. It is important to ensure you comply with the data protection regulation when running your business because a failure can result in your business having to pay a large fine or lead to a negative impact on your company’s reputation.

To figure out whether you should be concerned about data protection regulation, you need to ask whether you process data about individuals – employees, customers, suppliers – which is ‘personal’.

What data is considered “personal”?

Data is ‘personal’ if the information relates to a living individual, and that individual can be identified from the data, or from the combination of this data and other data which as a data controller you are or are likely to come into possession of. You can be a data controller and a data processor for different processing of personal data. A data controller determines the means and purpose of processing personal data. A processor follows the instructions of the data controller.


Why should your business comply with data protection legislation?

Most legislations on data protection imposes obligations on both ‘data controllers’ and ‘data processors’.

It is important you comply with the data protection legislation. A failure to comply can lead to an enforcement notice on your business, depending on the severity of the breach. If you do not comply with the notice within the period specified in the notice, enforcement powers will be used by the governing body to impose a penalty on your business.

You should not underestimate the penalties that can be imposed for non-compliance and the impact on the company’s reputation, in particular if the matter comes into the media.


What are the requirements on your business for data protection?

When collecting, processing and storing personal data, your business should ensure you comply with the relevant Data Protection laws.

Generally speaking (and under EU GDPR), you can process personal data if one of the six conditions is met, known as the lawfulness of processing:

  1. The data subject has given consent to the processing
  2. Processing is necessary for the performance of a contract
  3. Processing is necessary for compliance with a legal obligation
  4. Processing is necessary in order to protect the vital interest of the data subject
  5. Processing is necessary for the performance of a task carried out in the public interest
  6. Processing is necessary for the purpose of the legitimate interest pursued by the controller or third party except where such interests are overridden by the data subject

You can read more information here.


How can BRANDIT help my business when it comes to data protection?

BRANDIT helps small and mid-sized companies to review their internal data collection and management process. We make sure clients, employees and partners’ data is collected in a compliant way according to applicable laws and best practices.

We also run awareness training for your employees: yearly training is required by law. If you have not done a training this year, make sure you plan it soon.

For large enterprises, BRANDIT can act as an external expert on sporadic questions or on compliance programme.

We help you assess the potential risks, anticipate issues and find options to support your company’s digital strategy and thereby avoiding any consequential legal actions.

BRANDIT can offer support in the following areas:

  • Data Protection/Privacy
    • Data collection and management processes
    • Ensuring data collection compliancy
  • E-commerce
    • Assessment and support
    • Advice on opt ins / disclaimers and legal notices
    • Draft general conditions and look into cross border sales
  • Social media
    • Best practices and guidance
    • Copyright protection
  • Training

Customised training for company-wide groups or specific departments (e.g. HR)


Why do I need guidelines and advice for the setup and use of e-commerce and social media platforms?

E-commerce and social media platforms offer business great opportunities to engage with their current and potential customers online, however it can also bring a lot of risks. BRANDIT helps ensure that you have a safe and trusted relationship with your online community?




For e-commerce platforms, we help you assess the potential risks, anticipate issues and find options to support your company’s digital strategy and thereby avoiding any consequential legal actions. This includes:

  • Assessing the situation by looking at the different e-commerce models
  • Ensuring the project is lawful and legal mentions are suited to the company’s activity
  • Drafting general terms and conditions of sales online and look into cross-border sales
  • Advising on the implementation on appropriate opt-ins and disclaimers


For social media platforms, we help you:

  • Understanding the platforms rules
  • Best practices on how to communicate online
  • Things to pay attention to when collaborating with influencers and brand ambassadors
  • Guidance on how to use content on social media (and protect copyright) 
  • Monitoring and defending the company’s rights online

Some more things about us…

Employees in 16 offices

Trademarks managed

Languages spoken

Have another question for us? Get in touch!