Login
Service Contact Lex4You
Login

GDPR for freelancers

Even though the General Data Protection Regulation (GDPR) has been in effect since May 2018 it’s still unclear what the obligations and restrictions around handling personal data for freelancers are.

Last updated on 2 October 2023 by Jenny Bjorklof

Florence Deley, Business Legal Advisor Entrepreneurs at Securex answered 5 common questions freelancers have around GDPR:

1. Is GDPR applicable to freelancers? 

Yes. GDPR is applicable to freelancers. It is applicable to anyone who collects, stores, or uses the data of people in the EU.

Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data.

The GDPR obliges you to clearly inform individuals about what data you keep and for what purposes they are used. You also have an obligation to keep this data safe to avoid leaks.

This applies to both the data of customers and the data of your partners, suppliers and basically anyone you come in contact with and whose data you manage.

2. Who am I allowed to send an marketing email to? 

A marketing email complies with the GDPR when it:

  • Presents the option to unsubscribe
  • Is sent to someone who signed up for it
  • It advertises a service related to the receiver

So cold emails to people whose address you have found online are okay, as long as they know where you got the address from, they can opt out from future communication easily and they include information that is relevant to the receiver.

3. What should be mentioned about GDPR in my terms and conditions?

Be sure to refer to your privacy policy in your terms and conditions and on your invoice.

Things that should be included are:

  • The identity and contact details of the organisation
  • Description of how you process personal data and under which regulation
  • Details regarding any transfer of personal data to a third party
  • Retention period of the data
  • The rights of the data subject
  • How to withdraw consent at any time
  • How to submit a complaint to a supervisory authority

You can also buy templates in Dutch and French via Securex e-shop, see this link.

4. How do I store personal information the right way? 

You must protect personal data “against accidental loss, destruction or damage, using appropriate technical or organizational measures.”

Technical measures mean anything from using antivirus programmes and firewalls, strong passwords, two-factor authentication on accounts where personal data are stored to contracting with cloud providers that use end-to-end encryption.

5. What happens if I get audited and I’m not compliant? 

Those who don’t follow the rules can get hit with a fine of €20 million or 4 percent of global revenue, whichever is higher, plus compensation for damages.

Kickstart your career as freelancer with the tools of Securex

Jenny Bjorklof

I’m a super-connector. I love connecting the right people and the right knowledge to help people move forward. I’m the community manager of the fast-growing Facebook group Freelancers in Belgium.

I’m also very active on LinkedIn and I offer training on how to use it optimally.

Originally I came from Finland, but I moved to Ghent more than 10 years ago.