Free ebook shows the 3 step system 68 students used to generate $8.2 million USD in 12 months

My friends Gerry Cramer and Rob Jones just released a really inspirational (and valuable) book, and for a short time they’ve made it available for free!  Follow this link to grab your copy now:

I highly recommend that you grab this while it’s still online. It reveals an incredibly powerful “Manifesto”, revealing the 3 step system 68 students used to generate $8.2 million in the last 12 months.

They achieved this incredible success with:
– NO products of their own
– NO email list
– NO inventory
– and WITHOUT risking a bunch of money

Follow this link to grab your copy now:

Best of all, this system is perfect for newbies, and can be replicated time and time again with practically limitless earning potential!

Make sure you download a copy while it’s still available.

Click here to claim your free copy now:


Kind regards,

Privacy Policy

websites (collectively “” in this document) refer to sites hosted on the and other related domains and subdomains thereof. This privacy policy describes how uses and protects any information that you give us. We are committed to ensuring that your privacy is protected. If you provide us with personal information through, you can be assured that it will only be used in accordance with this privacy statement.

Website Visitors

Like most website operators, collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request.’s purpose in collecting non-personally identifying information is to better understand how’s visitors use its website. From time to time, may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website. also collects potentially personally-identifying information like Internet Protocol (IP) addresses. does not use IP addresses to identify its visitors, however, and does not disclose such information, other than under the same circumstances that it uses and discloses personally-identifying information, as described below.

Gathering of Personally-Identifying Information

Certain visitors to choose to interact with in ways that require to gather personally-identifying information. The amount and type of information that gathers depends on the nature of the interaction. For example, we ask visitors who use our forums to provide a username and email address.

In each case, collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities, like purchasing a ticket.

All of the information that is collected on will be handled in accordance with GDPR legislation.

Protection of Certain Personally-Identifying Information

discloses potentially personally-identifying and personally-identifying information only to those project administrators, employees, contractors, and affiliated organizations that (i) need to know that information in order to process it on’s behalf or to provide services available through, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using, you consent to the transfer of such information to them. will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to project administrators, employees, contractors, and affiliated organizations, as described above, discloses potentially personally-identifying and personally-identifying information only when required to do so by law, if you give permission to have your information shared, or when believes in good faith that disclosure is reasonably necessary to protect the property or rights of, third parties, or the public at large.

If you are a registered user of a website and have supplied your email address, may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with and our products. We primarily use our blog to communicate this type of information, so we expect to keep this type of email to a minimum.

If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. takes all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of potentially personally-identifying and personally-identifying information.

Use of personal information

We use the information you provide to register for an account, attend our events, receive newsletters, use certain other services, or participate in our open source project in any other way.

We will not sell or lease your personal information to third parties unless we have your permission or are required by law to do so.

We would like to send you email marketing communication which may be of interest to you from time to time. If you have consented to marketing, you may opt out later.

You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please click on the unsubscribe link at the bottom of the email.

Legal grounds for processing personal information

We rely on one or more of the following processing conditions:

•        our legitimate interests in the effective delivery of information and services to you;

•        explicit consent that you have given;

•        legal obligations.

Access to data

You have the right to request a copy of the information we hold about you. If you would like a copy of some or all your personal information, please follow the instructions at the end of this section.

Retention of personal information

We will retain your personal information on our systems only for as long as we need to, for the success of our open source project and the programs that support We keep contact information (such as mailing list information) until a user unsubscribes or requests that we delete that information from our live systems. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honor your request.

Rights in relation to your information

You may have certain rights under data protection law in relation to the personal information we hold about you. In particular, you may have a right to:

•        request a copy of personal information we hold about you;

•        ask that we update the personal information we hold about you, or independently correct such personal information that you think is incorrect or incomplete;

•        ask that we delete personal information that we hold about you from live systems, or restrict the way in which we use such personal information (for information on deletion from archives, see the “Retention of personal information” section);

•        object to our processing of your personal information; and/or

•        withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing).

If you would like to exercise these rights or understand if these rights apply to you, please follow the instructions at the end of this Privacy statement.

Third Party Links

Our website may contain links to other websites provided by third parties not under our control. When following a link and providing information to a 3rd-party website, please be aware that we are not responsible for the data provided to that third party. This privacy policy only applies to the websites listed at the beginning of this document, so when you visit other websites, even when you click on a link posted on, you should read their own privacy policies.

Aggregated Statistics

may collect statistics about the behavior of visitors to its websites. For instance, may reveal how many times a particular version of his software was downloaded or report which plugins are the most popular, based on data gathered by our api at, a web service used by WordPress installations to check for new versions of WordPress and plugins. However, does not disclose personally-identifying information other than as described in this policy.


Additionally, information about how you use our website is collected automatically using “cookies”. Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

Please see our cookie policy for more information about what cookies are collected on

Privacy Policy Changes

Although most changes are likely to be minor, may change its Privacy Policy from time to time, and at’s sole discretion. encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.


Please contact us if you have any questions about our privacy policy or information we hold about you by writing to ok @ (remove the spaces)

Terms of Service


This website is operated by Tom Urbanek. Throughout the site, the terms “we”, “us” and “our” refer to Tom Urbanek. Tom Urbanek offers this website, including all information, tools and services available from this site to you, the user, conditioned upon your acceptance of all terms, conditions, policies and notices stated here.

By visiting our site and/ or purchasing something from us, you engage in our “Service” and agree to be bound by the following terms and conditions (“Terms of Service”, “Terms”), including those additional terms and conditions and policies referenced herein and/or available by hyperlink. These Terms of Service apply to all users of the site, including without limitation users who are browsers, vendors, customers, merchants, and/ or contributors of content.

Please read these Terms of Service carefully before accessing or using our website. By accessing or using any part of the site, you agree to be bound by these Terms of Service, even if you don’t read them. If you do not agree to all the terms and conditions of this agreement, then you may not access the website or use any services. If these Terms of Service are considered an offer, acceptance is expressly limited to these Terms of Service.

Any new features or tools which are added to the current store or website shall also be subject to the Terms of Service. You can review the most current version of the Terms of Service at any time on this page. We reserve the right to update, change or replace any part of these Terms of Service by posting updates and/or changes to our website. It is your responsibility to check this page periodically for changes. Your continued use of or access to the website following the posting of any changes constitutes acceptance of those changes.


By agreeing to these Terms of Service, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

You may not use our products for any illegal or unauthorized purpose nor may you, in the use of the Service, use them to violate any laws in your jurisdiction (including but not limited to copyright laws).

You must not transmit any worms or viruses or any code of a destructive nature.

A breach or violation of any of the Terms will result in an immediate termination of your Services.


We reserve the right to refuse service to anyone for any reason at any time.

You understand that your content (not including credit card information), may be transferred unencrypted and involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices. Credit card information is always encrypted during transfer over networks.

You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service or any contact on the website through which the service is provided, without express written permission by us.

The headings used in this agreement are included for convenience only and will not limit or otherwise affect these Terms.


We are not responsible if information made available on this site is not accurate, complete or current. The material on this site is provided for general information only and should not be relied upon or used as the sole basis for making decisions without consulting primary, more accurate, more complete or more timely sources of information. Any reliance on the material on this site is at your own risk.

This site may contain certain historical information. Historical information, necessarily, is not current and is provided for your reference only. We reserve the right to modify the contents of this site at any time, but we have no obligation to update any information on our site. You agree that it is your responsibility to monitor changes to our site.


Prices for our products are subject to change without notice.

We reserve the right at any time to modify or discontinue the Service (or any part or content thereof) without notice at any time.

We shall not be liable to you or to any third-party for any modification, price change, suspension or discontinuance of the Service.


Certain products or services may be available exclusively online through the website. These products or services may have limited quantities and are subject to return or exchange only according to our Return Policy.

We have made every effort to display as accurately as possible the colors and images of our products that appear at the store. We cannot guarantee that your computer monitor’s display of any color will be accurate.

We reserve the right, but are not obligated, to limit the sales of our products or Services to any person, geographic region or jurisdiction. We may exercise this right on a case-by-case basis. We reserve the right to limit the quantities of any products or services that we offer. All descriptions of products or product pricing are subject to change at any time without notice, at the sole discretion of us. We reserve the right to discontinue any product at any time. Any offer for any product or service made on this site is void where prohibited.

We do not warrant that the quality of any products, services, information, or other material purchased or obtained by you will meet your expectations, or that any errors in the Service will be corrected.


We reserve the right to refuse any order you place with us. We may, in our sole discretion, limit or cancel quantities purchased per person, per household or per order. These restrictions may include orders placed by or under the same customer account, the same credit card, and/or orders that use the same billing and/or shipping address. In the event that we make a change to or cancel an order, we may attempt to notify you by contacting the e-mail and/or billing address/phone number provided at the time the order was made. We reserve the right to limit or prohibit orders that, in our sole judgment, appear to be placed by dealers, resellers or distributors.

You agree to provide current, complete and accurate purchase and account information for all purchases made at our store. You agree to promptly update your account and other information, including your email address and credit card numbers and expiration dates, so that we can complete your transactions and contact you as needed.


We may provide you with access to third-party tools over which we neither monitor nor have any control nor input.

You acknowledge and agree that we provide access to such tools “as is” and “as available” without any warranties, representations or conditions of any kind and without any endorsement. We shall have no liability whatsoever arising from or relating to your use of optional third-party tools.

Any use by you of optional tools offered through the site is entirely at your own risk and discretion and you should ensure that you are familiar with and approve of the terms on which tools are provided by the relevant third-party provider(s).

We may also, in the future, offer new services and/or features through the website (including, the release of new tools and resources). Such new features and/or services shall also be subject to these Terms of Service.


Certain content, products and services available via our Service may include materials from third-parties.

Third-party links on this site may direct you to third-party websites that are not affiliated with us. We are not responsible for examining or evaluating the content or accuracy and we do not warrant and will not have any liability or responsibility for any third-party materials or websites, or for any other materials, products, or services of third-parties.

We are not liable for any harm or damages related to the purchase or use of goods, services, resources, content, or any other transactions made in connection with any third-party websites. Please review carefully the third-party’s policies and practices and make sure you understand them before you engage in any transaction. Complaints, claims, concerns, or questions regarding third-party products should be directed to the third-party.


If, at our request, you send certain specific submissions (for example contest entries) or without a request from us you send creative ideas, suggestions, proposals, plans, or other materials, whether online, by email, by postal mail, or otherwise (collectively, ‘comments’), you agree that we may, at any time, without restriction, edit, copy, publish, distribute, translate and otherwise use in any medium any comments that you forward to us. We are and shall be under no obligation (1) to maintain any comments in confidence; (2) to pay compensation for any comments; or (3) to respond to any comments.

We may, but have no obligation to, monitor, edit or remove content that we determine in our sole discretion is unlawful, offensive, threatening, libelous, defamatory, pornographic, obscene or otherwise objectionable or violates any party’s intellectual property or these Terms of Service.

You agree that your comments will not violate any right of any third-party, including copyright, trademark, privacy, personality or other personal or proprietary right. You further agree that your comments will not contain libelous or otherwise unlawful, abusive or obscene material, or contain any computer virus or other malware that could in any way affect the operation of the Service or any related website. You may not use a false e-mail address, pretend to be someone other than yourself, or otherwise mislead us or third-parties as to the origin of any comments. You are solely responsible for any comments you make and their accuracy. We take no responsibility and assume no liability for any comments posted by you or any third-party.


Your submission of personal information through the store is governed by our Privacy Policy.


Occasionally there may be information on our site or in the Service that contains typographical errors, inaccuracies or omissions that may relate to product descriptions, pricing, promotions, offers, product shipping charges, transit times and availability. We reserve the right to correct any errors, inaccuracies or omissions, and to change or update information or cancel orders if any information in the Service or on any related website is inaccurate at any time without prior notice (including after you have submitted your order).

We undertake no obligation to update, amend or clarify information in the Service or on any related website, including without limitation, pricing information, except as required by law. No specified update or refresh date applied in the Service or on any related website, should be taken to indicate that all information in the Service or on any related website has been modified or updated.


In addition to other prohibitions as set forth in the Terms of Service, you are prohibited from using the site or its content: (a) for any unlawful purpose; (b) to solicit others to perform or participate in any unlawful acts; (c) to violate any international, federal, provincial or state regulations, rules, laws, or local ordinances; (d) to infringe upon or violate our intellectual property rights or the intellectual property rights of others; (e) to harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate based on gender, sexual orientation, religion, ethnicity, race, age, national origin, or disability; (f) to submit false or misleading information; (g) to upload or transmit viruses or any other type of malicious code that will or may be used in any way that will affect the functionality or operation of the Service or of any related website, other websites, or the Internet; (h) to collect or track the personal information of others; (i) to spam, phish, pharm, pretext, spider, crawl, or scrape; (j) for any obscene or immoral purpose; or (k) to interfere with or circumvent the security features of the Service or any related website, other websites, or the Internet. We reserve the right to terminate your use of the Service or any related website for violating any of the prohibited uses.


We do not guarantee, represent or warrant that your use of our service will be uninterrupted, timely, secure or error-free.

We do not warrant that the results that may be obtained from the use of the service will be accurate or reliable.

You agree that from time to time we may remove the service for indefinite periods of time or cancel the service at any time, without notice to you.

You expressly agree that your use of, or inability to use, the service is at your sole risk. The service and all products and services delivered to you through the service are (except as expressly stated by us) provided ‘as is’ and ‘as available’ for your use, without any representation, warranties or conditions of any kind, either express or implied, including all implied warranties or conditions of merchantability, merchantable quality, fitness for a particular purpose, durability, title, and non-infringement.

In no case shall Tom Urbanek, our directors, officers, employees, affiliates, agents, contractors, interns, suppliers, service providers or licensors be liable for any injury, loss, claim, or any direct, indirect, incidental, punitive, special, or consequential damages of any kind, including, without limitation lost profits, lost revenue, lost savings, loss of data, replacement costs, or any similar damages, whether based in contract, tort (including negligence), strict liability or otherwise, arising from your use of any of the service or any products procured using the service, or for any other claim related in any way to your use of the service or any product, including, but not limited to, any errors or omissions in any content, or any loss or damage of any kind incurred as a result of the use of the service or any content (or product) posted, transmitted, or otherwise made available via the service, even if advised of their possibility. Because some states or jurisdictions do not allow the exclusion or the limitation of liability for consequential or incidental damages, in such states or jurisdictions, our liability shall be limited to the maximum extent permitted by law.


You agree to indemnify, defend and hold Tom Urbanek and our parent, subsidiaries, affiliates, partners, officers, directors, agents, contractors, licensors, service providers, subcontractors, suppliers, interns and employees, harmless from any claim or demand, including reasonable attorneys’ fees, made by any third-party due to or arising out of your breach of these Terms of Service or the documents they incorporate by reference, or your violation of any law or the rights of a third-party.


In the event that any provision of these Terms of Service is determined to be unlawful, void or unenforceable, such provision shall nonetheless be enforceable to the fullest extent permitted by applicable law, and the unenforceable portion shall be deemed to be severed from these Terms of Service, such determination shall not affect the validity and enforceability of any other remaining provisions.


The obligations and liabilities of the parties incurred prior to the termination date shall survive the termination of this agreement for all purposes.

These Terms of Service are effective unless and until terminated by either you or us. You may terminate these Terms of Service at any time by notifying us that you no longer wish to use our Services, or when you cease using our site.

If in our sole judgment you fail, or we suspect that you have failed, to comply with any term or provision of these Terms of Service, we also may terminate this agreement at any time without notice and you will remain liable for all amounts due up to and including the date of termination; and/or accordingly may deny you access to our Services (or any part thereof).


The failure of us to exercise or enforce any right or provision of these Terms of Service shall not constitute a waiver of such right or provision.

These Terms of Service and any policies or operating rules posted by us on this site or in respect to The Service constitute the entire agreement and understanding between you and us and govern your use of the Service, superseding any prior or contemporaneous agreements, communications and proposals, whether oral or written, between you and us (including, but not limited to, any prior versions of the Terms of Service).

Any ambiguities in the interpretation of these Terms of Service shall not be construed against the drafting party.


These Terms of Service and any separate agreements whereby we provide you Services shall be governed by and construed in accordance with the valid laws in Colombia, South America.


You can review the most current version of the Terms of Service at any time at this page.

We reserve the right, at our sole discretion, to update, change or replace any part of these Terms of Service by posting updates and changes to our website. It is your responsibility to check our website periodically for changes. Your continued use of or access to our website or the Service following the posting of any changes to these Terms of Service constitutes acceptance of those changes.



Questions about the Terms of Service should be sent to us at ok @ (remove the spaces).

Cookies Policy 

Last updated: September 14, 2019

(“us”, “we”, or “our”) uses cookies on the website (the “Service”). By using the Service, you consent to the use of cookies.

Our Cookies Policy explains what cookies are, how we use cookies, how third-parties we may partner with may use cookies on the Service, your choices regarding cookies and further information about cookies.

What are cookies 

 Cookies are small pieces of text sent by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you.

Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

How uses cookies 

When you use and access the Service, we may place a number of cookie files in your web browser.

We use cookies for the following purposes:

  * To enable certain functions of the Service

We use both session and persistent cookies on the Service and we use different types of cookies to run the Service:

  * Essential cookies. We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.

What are your choices regarding cookies 

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. As a European citizen, under GDPR, you have certain individual rights. You can learn more about these rights further down here.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

  * For the Chrome web browser, please visit this page from Google:

  * For the Internet Explorer web browser, please visit this page from Microsoft:

  * For the Firefox web browser, please visit this page from Mozilla:

  * For the Safari web browser, please visit this page from Apple:

  * For any other web browser, please visit your web browser’s official web pages.

Where can you find more information about cookies 

You can learn more about cookies at the following third-party websites:

  * AllAboutCookies

  * Network Advertising Initiative

GDPR: EU General Data Protection Regulation

 The General Data Protection Regulation (GDPR) came into force in May of 2018. This extensive privacy law is considered by some to be the world’s toughest. The European Union (EU) describes the GDPR as:

“an essential step to strengthening citizens’ fundamental rights in the digital age and facilitating business […]”

Here’s an overview and general look at some of the most important components of the GDPR and how they’ll affect both businesses and individuals around the world.

(If you’re looking for an easy-to-read summary of every Article and Recital of the GDPR, we’ve got you covered there, too.)

The GDPR and the EU

The EU comprises 28 Member States, and the GDPR applies in all of them. The United Kingdom remains part of the EU for now, and has passed national law – the Data Protection Act 2018 – that gives the GDPR full effect. This law will remain in force after the UK leaves the EU, unless the UK Parliament repeals or amends it.

Your company may not be based in the EU. However, to quote the European Commission, the GDPR still applies if you’re “offering good/services (paid or for free) or monitoring the behavior of individuals in the EU.”

Processing Personal Data


The GDPR regulates the “processing” of “personal data.” This might not sound like it’s something you do, but it’s actually a very broad term:

•        Personal data means anything that can be used to identify an individual person. There’s no definitive list, but we know from the huge body of EU legislation, guidance and case law that the following things might be considered personal data under certain conditions:

o       Name

o       Phone number

o       Email address

o       Information about looks or behavior

o       Browser data e.g. certain cookies

•        Processing is an even broader term. The GDPR says that “any operation” performed with personal data could be considered processing. It’s hard to imagine something you could do with someone’s personal data that wouldn’t constitute “processing.” Some examples include:

o       Storing a list of names and email addresses

o       Sending a direct marketing email

o       Receiving someone’s name and phone number from a third party

o       Using certain targeted cookies on your website

Data Controller and Data Processor


In Article 4, the GDPR makes a distinction between “data controllers” and “data processors.”

•        A data controller is someone or some organization which “determines the means and purposes” of processing personal data.

•        A data processor is someone or some organization which “processes personal data on behalf of the controller.”

To put this in context – if your website sells shoes and uses an eCommerce platform like Shopify to take payments for those shoes, you’re the data controller and Shopify is the data processor.

If your business employs five people and you pay them using payroll software such as ADP, you’re the data controller, and ADP is the data processor.

Duties of both controllers and processors include:

•        Complying with the GDPR

•        Appointing a Data Protection Officer (DPO) if required

•        Co-operating with data authorities

Duties of controllers include:

•        Identifying a lawful basis for data processing

•        Creating a Privacy Policy

•        Facilitating data rights

•        Choosing and contracting only with data processors who comply with the GDPR

Duties of processors include:

•        Working strictly according to the contract they have with their data controllers

•        Subcontracting to other processors only with their controller’s permission

•        Helping their controllers facilitate data rights

Principles of Data Processing

All data processing in the EU must abide by the six data processing principles set out in Article 5 of the GDPR:

Lawfulness, Fairness and Transparency

Under Article 5(1)(a), personal data needs to be:

“processed lawfully, fairly and in a transparent manner in relation to the data subject.”

You can’t process personal data in the EU, except under one of the six lawful bases listed at Article 6(1) of the GDPR. You should only process people’s personal data in a fair, non-misleading way that they would reasonably expect. You must be transparent about all your data processing activities, and maintain a clear and concise Privacy Policy.

Purpose Limitation

Under Article 5(1)(b), personal data can only be:

“collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”

You can only process people’s personal data in ways they’ve agreed to or would reasonably expect – and only for the purposes you need to process it for.

Data Minimization

Under Article 5(1)(c), personal data has to be:

“adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”

Once you know why and how you’ll be processing people’s personal data, you can only process the data that you need to achieve this. You don’t need someone’s phone number to send them an email.


Accuracy

Under Article 5(1)(d), personal data needs to be:

“accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.”

Keep your records accurate, keep them up-to-date, and have a system in place to correct any inaccuracies.

Storage Limitation

Under Article 5(1)(e), personal data must be:

“kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”

Only keep personal data for as long as you legitimately need it. You shouldn’t still have the email address of someone who purchased something from your store ten years ago.

Integrity and Confidentiality

Article 5(1)(f) states that personal data must be:

“processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.”

Keep personal data safe, anonymize and encrypt it where feasible, and co-operate with the data authorities of the EU. If something does happen to your users’ personal data, you’ll need to report it within 72 hours.

Lawful Basis for Processing Under the GDPR

Under Article 6, you can only process personal data if you have identified one of the six lawful bases for doing so. It’s illegal to process personal data in the EU without a lawful basis.


Consent

One way to ensure that you’re processing your users’ data legally is to ask their permission to do it. This is essential for certain circumstances of processing, e.g. direct marketing for new customers. However, it actually isn’t always the best way.

Consent is a big part of the GDPR. One of the biggest changes it brings about is the very strict requirements it places on companies to earn the consent of their users. Some of the conditions for consent are set out at Article 7 and Recital 43 of the GDPR.

The key points are that in order for consent to be considered valid, it must be:

•        Freely given – you can’t pressure someone into consenting, or confer some arbitrary disadvantage on them if they choose not to.

•        Made via a clear, affirmative action – this means that:

o       So-called “browsewrap” agreements – where users were told they had given consent by the mere act of visiting a website – are generally no longer allowed. “Clickwrap” – where users expressly agree to terms by clicking “I agree” – is now essential in most cases.

o       Opt-out is no longer considered consent. There can be no more pre-ticked boxes.

•        Granular – if you’re asking users to consent to multiple types of data processing – for example, make a payment, set up an account, and receive your newsletter – you need to ask them to consent to each individual type of processing.

•        Revocable – it should be easy for your users to withdraw their consent – in fact, Article 7 of the GDPR says that it should be “as easy to withdraw as to give consent.”


Contract

If you’re in a contract with someone, you may have contractual obligations that you can’t fulfill unless you process their personal data in a particular way. Or, you might need to process someone’s personal data in order to decide whether to enter into a contract with them. For example, you might need to keep part of someone’s medical records on file if you’re about to offer them health insurance.

Legal Obligation

You might have a legal obligation to process someone’s personal data in a particular way. For example, disclosing your employees’ immigration status to border authorities, or complying with a court subpoena.

You need to be able to justify processing your users’ personal data in this way. It’s not just a matter of doing whatever the state tells you to do with their data.

Vital Interests

If someone’s life depends on you processing their data in a particular way, it’s lawful to do so. Article 6(1)(d) of the GDPR permits the processing of personal data where it’s necessary to “protect an interest which is essential for the life of the data subject or that of another natural person.”

This sounds unlikely, but it can happen where, for example, a surgeon requires emergency access to an individual’s medical records and the patient is unable to consent.

Public Task

If you’re part of a public body, or a private body with powers derived from law, you may be able to process personal data in order to carry out a task in the public interest. This might apply for activities related to voter registration, for example.

Legitimate Interests

Legitimate interests is described by the Information Commissioner’s Office (ICO) (the UK’s data authority) as: “the most flexible lawful basis for processing, but you cannot assume it will always be the most appropriate.”

You may be able to rely on this lawful basis if data processing is:

•        Pursuant to the legitimate interests of your organization

•        Necessary for this purpose

•        Not overridden by your users’ rights

There are a lot of potential examples of where processing personal data might be in your legitimate interests. For example, a law firm might need to keep records of the legal advice they’ve given in case a client sues them for negligence. This is true whether the client has consented or not.

Individual Rights Under the GDPR

The GDPR gives a lot of control to individuals when it comes to their personal data. There are eight rights, and as a data controller, it’s your job to help individuals exercise them.

Right to Be Informed

Under Article 12 of the GDPR, comprehensive information about your data processing activity must be provided in an easily accessible way, using plain language. You can comply with this right by having an easily accessible and legally compliant Privacy Policy.

Right of Access

Your users can exercise their rights under Article 15 of the GDPR to ask for information about any of their personal data that you’re processing. This is called a Subject Access Request. You might be called on to provide confirmation of whether you’re actually processing someone’s personal data. You might also be asked for a copy of your user’s personal data.

Right to Rectification

Under Article 16 of the GDPR, your users have the opportunity to ask you to correct any inaccuracies your records show about them. They may be wrong, of course, and you can refuse to change their data if they are.

Right to Erasure

At Article 17 of the GDPR sits the “right to be forgotten.” There’s a bit of public misunderstanding about this right. It doesn’t confer an entitlement for any individual to have any reference to themselves deleted from your website. You still have the right to freedom of expression. But you will have to consider erasing personal data under certain conditions.

Right to Restrict Processing

Article 18 of the GDPR grants individuals the right to ask you to stop processing their data in a particular way. For example, an individual switches electricity suppliers and asks the old supplier to delete all of their personal data. But the old supplier is legally obliged to keep their data on file for eight years. So, instead they can restrict the processing to make sure that they aren’t using the individual’s data for improper activities.

Right to Data Portability

Under Article 20 of the GDPR, individuals should be able to request a copy of their personal data from you and take it to another organization. This ties in with the general principle that individuals should truly own their personal data.

Right to Object

Under Article 21 of the GDPR, individuals have the right to object to your processing of their personal data. This applies most straightforwardly in the case of direct marketing – your users can object to receiving direct marketing from you. There are no exceptions.

Other grounds of objection are more complicated, and you may have the right to refuse to stop some types of data processing under certain conditions.

Rights Related to Automated Decision-Making

At Article 22 of the GDPR, individuals have the right to request human intervention if important decisions are being made about them based on algorithms or profiling.

For example, if a computer decides that an individual’s power should be cut off because they failed to pay their bills, that individual can request that the decision is reviewed by a real person.

GDPR Privacy Policy

Anyone who is subject to the GDPR needs a Privacy Policy. Under Article 12(1) of the GDPR, this needs to be provided “in a concise, transparent, intelligible and easily accessible form, using clear and plain language.” This means no legalese. Write it for the people who need to read it – your users.

Your Privacy Policy needs to contain:

•        Contact details for your company and Data Protection Officer (if you have one)

•        The categories of personal data you process (including cookies)

•        Which lawful basis you’re relying on

•        The reasons you need to process personal data

•        The various ways in which you process personal data

•        What categories of third parties you need to share data with

•        Information about data rights of individuals


•        If you’ll need to transfer your users’ personal data to any non-EU country