What is the General Data Protection Regulation (GDPR)?


The General Data Protection Regulation (GDPR), whose implementation began on 25 May 2018, applies to all the companies that are based in the EU as well as the international companies all of which are processing personal data that belong to people who are residing in the European Union.

Although many of the principles of the GDPR regulation are in fact an extension of the existing EU data protection rules, the GDPR regulation has a wider scope and stricter standards and provides significant financial penalties. For example, it sets stricter conditions in obtaining consent to the use of certain types of data and it extends the rights of individuals to access their data and its transmission. It also provides significant enforcement powers by allowing supervisors to impose financial sanctions that can amount to up to 4% of a company total annual revenue for certain infringements.



Data protection is an important issue for LEDRA LTD, and we fully comply with the current EU data protection law as well as the General Data Protection Regulation (GDPR).

Having already started the necessary procedures to comply with the GDPR Regulation, we undertake the following commitments:

  1. Transparency: Our Data Policy will remain the only means of describing the methods that we apply for processing a users’ personal data. At the same time, we will provide a range of consent options for both new and existing customers as well as recipients of our updates, alerts within the products and solutions we advertise and educational campaigns for our end customers.
  2. Audit: We will continue to provide to our customers and email recipients ways to control their data usage. In this context, we will always be able to exercise “the right to be forgotten”.
  3. Accountability: We are responsible for all of our practices and we have established Privacy Control Principles that explain our rationale behind privacy and data protection. Our legal department has regular meetings with regulators and legislators, as well as privacy specialists, in order to stay up-to-date with the current legislations and also make the necessary adjustments wherever necessary.



Basic legal structures

Under the GPDR, there are several reasons for processing personal data. Below we describe the most relevant legal structures, in line with the GDPR Regulation.

Conventional necessity

  1. The processed data must be necessary for the execution of any project and should be set out in the contract between the individual.


  1. Certain and explicit consent is required, which should be given freely, after having knowledge of all the relevant information and with a clear, positive energy.
  2. Recipients have the right to withdraw their consent and should be informed of that specific right.

Legitimate interests

  1. An enterprise or other third party must have a legitimate interests which are not undermined by the rights or the interests of the individual who gives his consent for processing its personal data.
  2. Data processing should be ceased if there an objection is risen.


Data Controller: Data controller is someone who defines scope and & means for each case of personal data processing.

Data controllers should adopt compliance measures covering how the data is collected, the purposes for which it is used and the length of time it is retained and will ensure that natural persons have a right of access the data held.