GDPR compliance is not optional. It is the law.
Fines reach €20 million or 4% of annual global turnover. Genroks prepares your company for full GDPR compliance: policies, documentation, data mapping, and ongoing advisory.
What it is
The General Data Protection Regulation
GDPR is European Union law that came into force in May 2018. It governs how organizations collect, store, use, and share personal data of individuals in the EU. It applies to any company processing EU personal data, regardless of where the company is located.
Unlike ISO 27001 (a voluntary standard), GDPR has no opt-out. Enforcement is active: regulators across Europe issue fines routinely, including against small and mid-sized businesses.
Who must comply
Any company with EU customers
If you collect emails, names, or browsing data from EU individuals, GDPR applies.
SaaS and software companies
Processing user data, analytics, or behavioural tracking triggers GDPR obligations.
E-commerce and marketplaces
Order data, payment records, and shipping information are all personal data under GDPR.
B2B companies with EU contracts
Enterprise clients increasingly require GDPR documentation before signing agreements.
Enforcement
The cost of non-compliance
Tier 1 violations
€10M or 2% of annual global turnover, whichever is higher
Includes violations such as:
- Insufficient data protection policies
- Missing records of processing activities
- Failure to notify a breach within 72 hours
Tier 2 violations
€20M or 4% of annual global turnover, whichever is higher
Includes violations such as:
- Processing data without a legal basis
- Violating data subject rights
- Transferring data unlawfully outside the EU
Our service
What Genroks delivers
We handle the full GDPR preparation: from auditing your current data flows to delivering ready-to-sign documentation.
Privacy Policy
Legally compliant, written in plain language. Covers data collection, purpose, retention, and rights.
Records of Processing Activities
Complete ROPA documentation mapping every data flow across your organization.
Data Processing Agreements
DPAs for all third-party processors: CRMs, analytics tools, payment providers, and more.
Data Retention Schedule
Clear rules for how long each data category is stored and when it must be deleted.
Consent Mechanisms
Cookie banners, opt-in forms, and withdrawal flows that meet GDPR consent requirements.
Breach Response Procedure
A documented process for detecting, reporting, and managing personal data breaches within 72 hours.
Data Subject Rights Process
Procedures for handling access requests, erasure requests, and portability requests.
Gap Analysis and Advisory
We audit your current state, identify gaps, and advise on immediate and long-term priorities.
Free GDPR starter guide
Not sure where to start? Our free guide covers the most common GDPR mistakes, what data you are legally required to protect, and how to build a compliant data retention policy.
FAQ
Common questions about GDPR
Does GDPR apply to my company?
If your company processes personal data of individuals in the EU, GDPR applies, regardless of where your company is based. This includes collecting email addresses, tracking website visitors, or storing customer records.
What are the fines for GDPR non-compliance?
GDPR fines come in two tiers. Lower-tier violations (e.g., insufficient data protection policies) carry fines up to €10 million or 2% of global annual turnover. Higher-tier violations (e.g., breaches of core principles or data subject rights) carry fines up to €20 million or 4% of global annual turnover, whichever is higher.
How long does GDPR preparation take with Genroks?
For most small and mid-sized companies, we can have your documentation, policies, and processes audit-ready within 5 to 10 business days. The timeline depends on your company size and how much personal data you currently process.
What does Genroks actually prepare for GDPR compliance?
We prepare your full GDPR documentation: privacy policy, data processing agreements, records of processing activities, data retention schedules, consent mechanisms, breach response procedures, and a data subject rights process. We also advise on your current data flows and flag gaps.
Is GDPR the same as ISO 27001?
No. GDPR is EU law governing personal data protection. ISO 27001 is a voluntary international standard for information security management. They complement each other but serve different purposes. Being ISO 27001 certified does not automatically make you GDPR compliant.
Do I need a Data Protection Officer (DPO)?
Not all companies are required to appoint a DPO. It is mandatory if you are a public authority, carry out large-scale systematic monitoring of individuals, or process special categories of data at scale. Genroks can assess whether you need one as part of the consultation.
Get compliant
GDPR compliance in 5 to 10 days.
One consultation call is all we need. We audit your data flows, build your documentation, and get you compliant before the next client asks for it.