Know Your Rights!

Let's Protect Our Privacy and Get PAID!


On MAY 25th 2017 the new GDPR – General Data Protection Regulation comes into force, strengthening EU consumer rights with the world’s strongest personal data protection/privacy law.
All EU Citizens have the right to know exactly how their personal data are used by any company or organization worldwide!
Simply write an email to the company asking how your personal data is used. This information must be delivered to you FREE of charge according to the law.

We suggest you only deal with companies which are: GDPR Certified

If the company or organization does not comply with your emailed request to know how your personal data is used, please inform us and we will add them to our Blacklist.

Fines for NOT complying with the data protection law are 4% of their annual turnover up to EUR 20 million, but if repeated the DPA can stop the company from using their data. This is probably the most important part of the law. Now use your rights to enforce it!


GDPR states the following to protect consumer privacy:


  1. YOU MUST GIVE CONSENT
    No company or organization can use your data without explaining how they will use it and asking for your consent. Your consent must be registered and demonstrated upon request. It must be as easy to withdraw consent as it is to give it!
  2. BREACH NOTIFICATION
    In the event of a data breach, data processors have to notify their controllers and customers of any risk within 72 hours.
  3. RIGHT TO ACCESS
    Data subjects have the right to obtain confirmation from the data controller of whether their personal data is being processed (analyzed and/or commercialized). The data controller should provide an electronic copy of the personal data to data subjects for free.
  4. RIGHT TO BE FORGOTTEN
    When data is no longer relevant to its original purpose, data subjects (EU Citizens) can have the data controller erase their personal data and cease its dissemination.
  5. DATA PORTABILITY
    A person shall be able to transfer their personal data from one electronic processing system to and into another, without being prevented from doing so by the data controller. Data that has been sufficiently anonymised is excluded, but data that has only been de-identified but remains possible to link to the individual in question, such as by him or her providing the relevant identifier, is not. Both data that has been ‘provided’ by the data subject, and data that has been ‘observed’ — such as about their behavior — is within scope.
  6. PRIVACY BY DESIGN
    Calls for inclusion of data protection from the onset of designing systems, implementing technical and infrastructural measures. (This is the biggest obstacle because it requires most companies or organizations to handle personal data in a completely different way than before MAY 25th 2017. This is not an IT department task; it is a decision by the board of directors on how to make the Xroad design/mapping to secure personal data by encryption or fragmenting the information to ensure privacy.)
  7. DATA PROTECTION OFFICERS
    Larger companies, or even smaller companies handling large amounts of personal data, must engage a DPO – Data Protection Officer. His job is to ensure that the company is in compliance with the law. He is an independent authority inside the company and must report to the board of directors, not to the IT department nor to the legal department.
  8. THE FINES
    Fines for not complying with the law are 4% of their worldwide turnover or EUR 20 million, whichever is higher. Companies outside the EU can be barred from selling their products or services to the European market if they do not comply with GDPR.

NOTE: The EU-US PrivacyShield.gov has nothing to do with compliance under GDPR. Moreover, it is an agreement between the Swiss Data Protection Agency and the US in order to try to find a loophole around the actual EU GDPR privacy laws for American businesses who want to sell to Europeans. However, Switzerland is not a member of the European Union! Furthermore, their offering of Self-Certify must not be taken seriously. Let's take privacy seriously this time! There have been too many big breaches of personal data in the USA over the last years, and let's never forget EQUIFAX!!! Giving corporations rights to self-certify is like letting the wolf watch over the lambs… The most serious problem with PrivacyShield.gov is that there is no place for data subjects (EU Citizens) to ask for help if a company listed on their FRAMEWORK website does not comply with the required GDPR law and send you the requested information. If the US company doesn’t reply to you within 45 days, you can only file another online complaint with the US website Truste, or finally try to write a 3rd complaint about the American company to the DPA – Data Protection Authority in the EU.


GDPR Watchdog will challenge the companies listed under PrivacyShield.gov to deliver accountable information to the data subjects (EU Citizens) after May 25th 2018. We will report back on that in our weekly newsletter, so sign up!

Empowering EU Consumers! We are here to help with CLASS A lawsuits against American companies not complying with GDPR. We also strongly believe YOU should be paid fairly for your personal data and preferences used by corporations!

In case a company does not send you the requested information on how they collect or use your personal data, just send us an email: info@GDPRwatchdog.org
