Are you on a journey to comply with GDPR, but still have questions? We have answers.
Now that GDPR is here, companies are racing to implement crucial measures to become compliant with GDPR. And the questions keep coming:
What is GDPR?
The General Data Protection Regulation (GDPR) was adopted by the European Union (EU) in April 2016.
It introduces new obligations to data controllers (who own the customer relationship), and data processors (who handle data on the controller’s behalf) including organizations with a physical presence in the EU as well as those based outside the EU. The goal is to prevent the personal data of all EU citizens from being misused or exploited.
What is a data controller?
A data controller is a legal person, public authority, or agency that determines the purposes and means of processing personal data.
What is a data processor?
A data processor is a legal person, public authority, agency or other body that processes personal data on behalf of the controller.
What constitutes personal data?
Any information relating to an identified or identifiable EU citizen (the data subject). An identifiable EU citizen is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location, IP address, or browsing behavior.
What is the ‘right to be forgotten’?
A data subject has the right to have his or her personal data erased and no longer processed.
This includes personal data that is no longer necessary for the purpose for which it was collected or processed. A data subject can also withdraw his or her consent, or object to the processing of personal data concerning him or her.
What are the penalties for non-compliance?
The maximum fine that can be imposed for the most serious infringements can be up to 4 percent or €20 million (whichever is greater). The details are set out in Article 83 of the GDPR.