
GDPR for freelancers

Entrepreneurs | 09 December 2020 | Written by Jenny Bjorklof

Even though the General Data Protection Regulation (GDPR) has been in effect since May 2018, it’s still unclear what obligations and restrictions apply to freelancers who handle personal data.

Florence Deley, Business Legal Advisor Entrepreneurs at Securex, answered 5 common questions freelancers have about GDPR, namely:
 
  1. Is GDPR applicable to freelancers?
  2. Who am I allowed to send a marketing email to?
  3. What should be mentioned about GDPR in my terms and conditions?
  4. How do I store personal information the right way?
  5. What happens if I get audited and I’m not compliant?

1. Is GDPR applicable to freelancers?
Yes. GDPR is applicable to freelancers. It is applicable to anyone who collects, stores, or uses the data of people in the EU.

Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data.

The GDPR obliges you to clearly inform individuals about what data you keep and for what purposes they are used. You also have an obligation to keep this data safe to avoid leaks.

This applies to both the data of customers and the data of your partners, suppliers and basically anyone you come in contact with and whose data you manage. 

2. Who am I allowed to send a marketing email to?
A marketing email complies with the GDPR when it:
  • presents the option to unsubscribe,
  • is sent to someone who signed up for it,
  • advertises a service related to the receiver.
So cold emails to people whose address you have found online are okay, as long as the recipients know where you got the address from, they can easily opt out of future communication, and the emails include information that is relevant to the receiver.

3. What should be mentioned about GDPR in my terms and conditions?
Be sure to refer to your privacy policy in your terms and conditions and on your invoice. 

Things that should be included are: 
  • The identity and contact details of the organisation
  • Description of how you process personal data and under which regulation
  • Details regarding any transfer of personal data to a third party
  • Retention period of the data
  • The rights of the data subject
  • How to withdraw consent at any time
  • How to submit a complaint to a supervisory authority
You can also buy templates in Dutch and French via the Securex e-shop.

4. How do I store personal information the right way? 
You must protect personal data “against accidental loss, destruction or damage, using appropriate technical or organizational measures.” 

Technical measures range from using antivirus programmes, firewalls, strong passwords and two-factor authentication on accounts where personal data are stored, to contracting with cloud providers that use end-to-end encryption.

5. What happens if I get audited and I’m not compliant? 
Those who don’t follow the rules can get hit with a fine of €20 million or 4 percent of global revenue, whichever is higher, plus compensation for damages.


We hope this blog post has helped you with your GDPR questions as a freelancer. What other laws and practical obstacles stand in the way of your life as a freelancer? 
 
Securex helps freelancers kick start their careers in numerous ways: