🆕  2025 U.S. State Privacy Laws: what you need to know

What size of companies are affected by GDPR?

The GDPR came into effect in 2018 and has changed the way businesses handle customer data. Let's find out what size of company is affected by the new GDPR rules.
Read time
5 min read
Last updated
November 25, 2024
Ketch is simple,
automated and cost effective
Book a 30 min Demo

The General Data Protection Regulation, abbreviated to GDPR, came into effect in 2018 and has since changed the way businesses handle customer data. Although an EU directive, GDPR affects any company, large or small, that sells its products and services to the European market.

Regardless of the size, your business must be GDPR compliant if you want to avoid hefty fines, stretching well over $24 million! Google was fined roughly $57 million by the French data protection authority back in 2020 for failing to meet GDPR requirements.

Read more: What happens if you break GDPR laws

The extent of GDPR  

GDPR is a strict data privacy policy designed to protect European Union citizens’ personal data.  

It also limits how much customer information is accessible by business organizations. The aim is to give people more control over their personal information and force companies to handle information in ways that allow individuals to easily exercise that control.

This regulation extends far beyond the European borders and affects businesses worldwide. Just after its introduction, most companies made efforts to reform their privacy policies to be GDPR compliant.

You would be wrong to think your company is not subject to the GDPR if it wasn't established in the EU. Furthermore, it doesn't matter whether the data processing takes place inside or outside the EU.

If your company collects information from anyone in the EU by any means, you're bound by the GDPR rules, no matter where you are located.

Any company that targets EU citizens with its marketing campaigns, accepts payments in Euros, and/or has European employees also falls under GDPR guidelines.

It's essential to know if your company is affected by GDPR. Running your business without giving a second thought to its regulations is like an open invitation to fines, and they will come knocking pretty soon!

What size of companies are affected by GDPR?

As a rule, any company with over 250 employees must be GDPR compliant. They must also hire a data protection officer to keep records of the data processing activities engaged in by the business. So, if your company has fewer employees, you may not have to be GDPR compliant.

However, that only applies if your company doesn't process data from EU citizens regularly.

Large-scale companies regularly venture into the international market and, of course, the European market. They sell their products and services to EU citizens and, in doing so, collect data from them for various purposes such as target marketing.

In addition to that, these companies often employ European citizens. So, it's a given that GDPR applies to them, and they must comply with GDPR regulations.

Read more: What is a RoPA under GDPR?

On the other hand, small companies may also engage in international trading, which binds them to GDPR. Even if you've got a local US-based company and most of your customers are US citizens, chances are you've got a website that is accessible to European citizens.

This makes your company subject to the GDPR. So, always be careful how you collect data! Now, it's considered good practice to make your company GDPR compliant even if you've got a small business.

If you haven't done it yet, this is as good a time as any to change your privacy policies to make sure your business is run according to the law and the fines are kept at bay. A good place to begin is with the seven data protection principles of GDPR. Another good move might be to look into a data privacy compliance tool.

Final words  

GDPR indeed makes the business world a bit more challenging, but we can't deny the opportunities it brings.  

Adhering to the strict rules and regulations of GDPR shows that a company values individual privacy. It helps to build deeper trust with visitors and a better reputation generally.

So, if you've got a company, make sure it is GDPR compliant—not just to avoid fines but also to respect  people’s privacy.

Read time
5 min read
Published
September 21, 2021
Need to comply with GDPR?

Ketch helps companies comply with every law, now and in the future. Check out our easy templates and banners.

Try Ketch for free
Need an easy-to-use consent management solution?

Ketch makes consent banner set-up a breeze with drag-and-drop tools that match your brand perfectly. Let us show you.

Book a 30 min Demo

Continue reading

Product, Privacy tech, Top articles

Advertising on Google? You must use a Google certified CMP

Sam Alexander
3 min read
Marketing, Privacy tech

3 major privacy challenges for retail & ecommerce brands

Colleen Barry
7 min read
Marketing, Privacy tech, Strategy

Navigating a cookieless future with Google Privacy Sandbox

Colleen Barry
7 min read
Get started
with Ketch
Begin your journey to simplified privacy operations and granular data control across the enterprise.
Book a Demo
Ketch was named top consent management platform on G2