
GDPR Obligations for Enterprises

With the advent of privacy legislation, GDPR obligations also arise for companies. It is irrelevant whether it concerns a multinational or a sole proprietorship: the regulations regarding data processing apply to everyone. We briefly explain the most important key points.

Does General Data Protection Regulation apply to every company?


The General Data Protection Regulation (GDPR) is relatively new European privacy legislation that applies to all companies, government authorities and associations that process or collect personal data.


GDPR therefore does not apply to every organization, but nowadays a company quickly falls under the scope of this regulation. For example, if your company records customer data or data of employees, or uses the e-mail addresses of natural persons in a mailing, then there is already data processing.


Please note: GDPR also applies to non-European companies that offer goods or services in the European member states and process personal data of EU residents.

What are the obligations under GDPR?


A company that processes personal data must therefore fulfil a number of obligations. First of all, any processing of personal data, no matter how minor, must be based on a legal basis. These legal bases are exhaustively listed in the GDPR legislation:


  • Consent of the data subject

  • The data processing is necessary for the performance of the agreement

  • The data processing is required by law

  • The processing of the personal data is necessary to ensure the protection of vital interests of the data subjects 

  • The processing is done in the public interest

  • It is necessary to process the personal data to represent a legitimate interest


Online, the most commonly used legal basis is the consent of the data subject, but companies will usually process personal data in the context of a contractual order from a customer or to comply with a legal obligation.


There is also a transparency obligation. As a result, your company is obliged (if it processes personal data) to inform the natural persons involved of the processing in a transparent and understandable manner. This must be done in writing and must be demonstrable, for example by adding a privacy policy to a website. This way you immediately have written proof if any legal disputes arise later.


Although it sounds quite simple, the implementation of this transparency obligation is not always obvious. mr. Franklin is happy to advise and assist your company in these and many other legal issues related to GDPR regulations. 250+ companies have already preceded you.

Processing of special personal data


In addition, there is also a separate category of the most risky personal data: the so-called “sensitive data”. These are, for example, medical data, information about ethnic origin, criminal data, etc. The legislator is of the opinion that the processing of this data entails special risks for the persons involved.


Therefore, the processing of sensitive data is in principle prohibited. However, the GDPR legislation contains a number of strictly defined exceptions: in these cases, the processing of sensitive data is permitted provided that the company meets additional obligations.

What if my company is not compliant with GDPR?


If your company processes personal data in a non-GDPR-compliant manner, this will of course lead to sanctions. Among other things, the supervisory authority can impose a fine on you: this can be up to 4% of your company's annual global turnover. In addition, any natural person whose data has been unlawfully processed can file a complaint with the Data Protection Authority.

Protect your company against GDPR fines and do a free GDPR audit with Mr. Franklin.


GDPR-proof in max 3 months


Data Protection Officer

A Data Protection Officer (DPO) is an independent person who oversees compliance with GDPR requirements within an organization. In a number of specific cases, there is a legal obligation to appoint a DPO: for example, if a company processes special data on a large scale. For organizations that are exempt from this obligation, it may still be advantageous to appoint a Data Protection Officer.


With the support of an external DPO, you as a manager can always be sure that your company operates in compliance with GDPR. In addition, this may be taken into account when the personal data supervisory authority decides whether or not to impose a fine: in some cases, the presence of a DPO is considered a mitigating factor.


The team of Mr. Franklin has three certified DPOs. They have all gained extensive experience as Data Protection Officers for companies in various sectors. We work with all-in formulas: the price for a quarterly DPO-as-a-service subscription starts from 300.00 € + VAT.

mr. Franklin: Customized GDPR service


Companies that fall under the scope of GDPR must continue to ensure that this legislation is respected. The possible complications that can be involved should not be underestimated. In addition, the legislation is relatively often supplemented by important case law, which means that it remains important to keep your company's policy up-to-date.

mr. Franklin is happy to take over these legal concerns for you. As a law firm, we are specialized in offering all kinds of customized GDPR services. We always use a pragmatic and clear approach. Transparency about costs (and about the file, of course) is our priority: that is why we work with fixed rates and all-in-one formulas where possible. Prices for our all-in-one packages start from 2,000.00 € + VAT.





mr. Franklin provides us with excellent support in the field of legal IT assistance, GDPR, property law and financial disputes. Drive, speed, passion for the profession, correctness are just a few keywords that Mr. Franklin & their team type. 

Xavier Goegebeur / Link Optimizer


mr. Franklin always provides quality work for a clear price.

Alain Carels / Carbofisc
