GDPR Compliance - Fawkes Digital Marketing
GDPR Compliance
Last updated: October 14, 2025
Our Commitment to Data Protection
At Fawkes Digital Marketing, we deeply respect the privacy of our clients and their customers. We believe data protection is not just a legal requirement but a core part of our ethical responsibility. We collect and process only the information that is necessary to deliver our services effectively, and we maintain strict controls to safeguard it. The General Data Protection Regulation (GDPR) gives individuals more control over their personal information, and we have adopted its principles across all our global operations, regardless of where our clients are located.
What is GDPR?
The General Data Protection Regulation (GDPR) is an EU-wide privacy and data protection law that regulates how organizations handle personal data belonging to individuals in the European Union. It took effect on May 25, 2018, and applies not only to organizations established in the EU but also to any business outside the EU that offers goods or services to, or monitors the behavior of, individuals in the EU. GDPR strengthens individuals' rights over their personal data and holds companies accountable for protecting that data.
What is Personal Data?
Personal data refers to any information that can identify an individual, either on its own or in combination with other data. Examples include:
- Full name or business name
- Email address or phone number
- IP address or device identifiers
- Financial and billing information
- Physical address or location data
- Login credentials or user IDs
- Marketing preferences or behavioral data
How Fawkes Digital Marketing Ensures GDPR Compliance
We have implemented a wide range of operational, technical, and organizational measures to comply with GDPR and protect our clients' data.
- Employee Awareness and Training: All employees receive regular training on data handling, privacy protection, and information security best practices.
- Product and Service Review: Every Fawkes Digital Marketing service has been reviewed for GDPR compliance, ensuring clients maintain control over their data.
- Data Inventory and Classification: We maintain an internal Information Asset Register (IAR) that identifies what personal data is collected, where it is stored, who has access to it, and for what purpose.
- Third-Party Assessments: We evaluate and contractually require all third-party vendors and service providers to meet GDPR-level data protection standards.
- Privacy by Design: Our systems and solutions are built with privacy as a foundational principle, ensuring user data is handled securely by default.
- Data Protection Officer (DPO): We have appointed a DPO to oversee compliance efforts and address any data protection inquiries or concerns.
- Data Processing Addendum (DPA): Clients may request a DPA to formalize data protection terms by contacting us at support@FawkesDM.com.
- Data Protection Impact Assessments (DPIA): We conduct DPIAs where necessary to evaluate risks and strengthen protective measures.
- Regular Internal Audits: Our operations are reviewed periodically to identify and correct any gaps in data security or privacy practices.
- Encryption and Security: Sensitive data is encrypted both in transit and at rest, and stored in secure, access-controlled environments.
- Data Retention and Cleanup: We periodically review and purge inactive or outdated data in line with GDPR's storage limitation and data minimization principles, so that personal data is kept no longer than the purpose it was collected for requires.
- Breach Notification Policy: In the unlikely event of a personal data breach, we will notify the competent supervisory authority within 72 hours of becoming aware of it, as required by GDPR Article 33, and will inform affected clients and individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34.
- Transparent Privacy Policy: Our Privacy Policy is regularly updated to reflect changes in regulation, internal data handling practices, and client feedback.
We may update this GDPR Compliance Statement periodically to reflect changes in our processes, technology, or applicable law. We encourage you to revisit this page regularly to stay informed.
Contact Us
Fawkes Digital Marketing
1013 Fuller Street SW
Cullman, AL 35055
Email: support@FawkesDM.com
Phone: 256-258-8593
GDPR Frequently Asked Questions (FAQ)
What is the GDPR?
The EU's General Data Protection Regulation (GDPR) is a comprehensive law that governs how personal data of individuals in the EU is collected, stored, and processed. Adopted in 2016 to modernize outdated data protection rules, and in force since May 25, 2018, GDPR ensures individuals have greater control over their personal information in an increasingly digital world.
Who does GDPR apply to?
GDPR applies to any organization that processes the personal data of individuals in the EU, regardless of where the organization is based. It establishes clear obligations for both data controllers and data processors.
Does GDPR apply to organizations outside the EU?
Yes. GDPR has global reach: an organization established anywhere in the world falls within its scope when it offers goods or services to individuals in the EU, or monitors their behavior, even if it has no EU office.
What are the penalties for non-compliance?
Violating GDPR can result in severe penalties. For the most serious infringements, fines can reach:
- Up to 4% of the organization's annual global turnover, or
- €20 million, whichever is higher.
Who are the key parties under GDPR?
- Data Subject: Any identified or identifiable natural person whose personal data is being processed.
- Data Controller: Determines the purpose and methods of processing personal data.
- Data Processor: Processes data on behalf of the controller.
- Supervisory Authorities: Public authorities that monitor GDPR compliance and investigate breaches.
What counts as personal data?
Personal data is any information that identifies or can identify a natural person. It can be:
- Direct identifiers: Name, email, phone number, etc.
- Indirect identifiers: Date of birth, gender, location, and other characteristics.
What rights and obligations does GDPR introduce?
GDPR introduces enhanced rights for data subjects and stricter obligations for organizations:
- Consent: Where consent is the lawful basis for processing, it must be freely given, specific, informed, and unambiguous, and withdrawing it must be as easy as giving it. Explicit consent is required for special categories of data such as health or biometric data.
- Right to Access: Data subjects can request details of personal data being held.
- Right to Be Forgotten: Individuals can request deletion of their personal data.
- Processor Obligations: Processors must demonstrate GDPR compliance and follow controller instructions.
- Data Protection Officer (DPO): Organizations may need a DPO to oversee GDPR compliance.
- Data Protection Impact Assessments (DPIA): Processing that is likely to result in a high risk to individuals, such as large-scale processing of special categories of data or systematic monitoring of public areas, requires a DPIA before the processing begins.
- Breach Notification: Controllers must notify the supervisory authority within 72 hours of becoming aware of a personal data breach, and must inform affected individuals without undue delay where the breach is likely to result in a high risk to them.
- Data Portability: Individuals can receive their data in a machine-readable format and transfer it to another controller.
What are the lawful bases for processing personal data?
Controllers can process personal data under six lawful bases, at least one of which must apply to each processing activity:
- Contract: Processing necessary to fulfill contractual obligations or customer requests.
- Legal Obligation: Processing required by law or regulatory authority.
- Vital Interests: Processing needed to protect life or health.
- Public Task: Processing carried out by public authorities for official duties.
- Legitimate Interests: Processing for business or societal interests, documented through a Legitimate Interests Assessment (LIA).
- Consent: Freely given, specific, informed, and unambiguous permission from the data subject.
What is a Legitimate Interests Assessment (LIA)?
An LIA documents whether the organization has a valid reason to rely on legitimate interests as its lawful basis for processing personal data. It has three parts:
- Assessment of the legitimate interest
- Determining necessity for processing
- Balancing test to ensure rights of data subjects are protected
Where can I find more information?
For more information, refer to the following:
- Find Your Supervisory Authority
- EU Data Protection Supervisor
- Official GDPR Website
- EU Rules for Businesses and Organizations
- Your Organization's Guide to GDPR
Note: Fawkes Digital Marketing is not responsible for the content of these external pages and does not endorse them.