The Long Arm of Europe's Data Privacy and Protection Regulation

Are you prepared to meet the May 25th, 2018 requirements for the General Data Protection Regulation (GDPR)? The GDPR is a data protection and privacy law passed in the European Union, and it applies to more than just organizations based in the EU. If your organization collects, stores, transfers, or uses the personal information of European Union citizens (including employees, contractors, clients, donors, customers, etc.), GDPR applies to you.

IS THE GDPR APPLICABLE TO OUR ORGANIZATION?

WHAT DO I NEED TO KNOW?

The General Data Protection Regulation (GDPR) expands privacy rights for individuals. EU citizens have the right to:

  • Obtain confirmation as to whether or not their personal data is being processed, where and for what purpose (Right to Access)
  • Access their personal data (Right to Access)
  • Correct errors in their personal data (Right to Access)
  • Erase their personal data (Right to be Forgotten)
  • Object to having their personal data processed (Right to be Forgotten)
  • Receive a copy of any personal data stored, and transfer that data to another vendor/controller (Data Portability)

 

WHAT CONSTITUTES “PERSONAL DATA”?

Any singular piece or combination of information that can be directly linked back to the identity of a person or data subject.

Some common examples include:

  • Names
  • Photos
  • E-mail Addresses
  • Banking or Financial Information
  • Social Media Information
  • Medical Information
  • Phone Numbers
  • Date of Birth
  • Address
  • Salary Information

KEY POINTS TO UNDERSTAND

For an organization to have lawful rights to process personal data of EU citizens, it must have obtained agreement or permission from the individual.

The European Union plans to enforce the GDPR even in non-EU countries.

Data subjects should be able to clearly opt in or opt out.

Organizations need to identify who is responsible for the data and its security.

Organizations that breach GDPR can face significant fines. 

The full regulation can be found online at https://www.eugdpr.org/

 

STARTING THE CONVERSATION

Here at Summit Business Technologies, we understand that becoming GDPR-compliant may seem like a complicated task. If you’re not sure where to start, contact us today. We will walk you through the steps to comply with the law and maintain the data privacy and security of EU citizens.


Bruce Broseker

Bruce Broseker is Summit’s Security Practice Consultant, and brings over 25 years’ experience in the Enterprise IT field, in progressively more challenging roles, including End User Support, Software Product Development, Network Administration, and Systems Engineering. Bruce focuses on security awareness, remediation, policy and procedure writing, and other security solutions. He has significant expertise in client management, documentation, systems administration, software updates, and change management.
