Businesses across the globe, small or large, are in the middle of preparing for compliance with the European Union’s (EU) new data privacy law: GDPR, which stands for the General Data Protection Regulation. It goes into effect on May 25, 2018.
The GDPR applies to businesses both in and outside of the EU, and businesses that do not comply with the GDPR could face hefty fines.
We’ve put together some information about GDPR, and about what we’re doing to comply, for informational purposes. Please note that you should consult your own legal counsel to determine if you’re affected by the requirements of GDPR.
What is GDPR?
GDPR is an abbreviation for General Data Protection Regulation, which goes into effect on May 25, 2018. In an effort to create harmonized data privacy laws across all EU member states, European lawmakers passed this law with a purpose to:
- Support privacy as a fundamental human right;
- Require companies that handle personal data to be accountable for managing that data appropriately; and
- Give individuals rights over how their personal data is processed or otherwise used.
Personal data and what it is.
GDPR defines personal data as “any information relating to an identified or identifiable natural person”. So what does this really mean? In addition to what you may already think of, such as name, address, email address, financial information, contact information, etc., personal data can also include digital identifiers such as IP address, cookies, geolocation and browsing history, amongst others. It could also mean more in-depth information such as mental, physical, social, economic, or cultural identities.
If the information can be tracked back or related in some way to an identifiable person, it’s highly likely that it will be considered “personal data” under the GDPR.
As an individual, what rights does the GDPR provide?
Under the GDPR, an individual may exercise several rights, including:
- Right of access – Individuals can ask for a copy of the personal data stored and ask for an explanation of how it’s being used.
- Right to rectification – Individuals have the right to modify or remove any of the personal data retained about them at any time.
- Right to be forgotten – Individuals can ask to have their personal data deleted.
- Right to restrict processing – Individuals can ask for limited use of their personal data if they believe their personal data is inaccurate or collected unlawfully.
- Right of portability – Individuals have the right to receive their personal data in a structured machine-readable format.
- Right to object – If an individual decides at any time that they no longer wish their personal data to be used in analytics, or to receive direct marketing emails or other targeted marketing content, the individual may opt out of the use of their data for these purposes.
It’s important to note that these rights are not absolute and that exceptions or limitations may apply in some cases.
What is GreenGeeks doing for GDPR compliance?
We are reviewing and, where required, updating our agreements with you and with our sub-contractors to include the necessary GDPR terms, in addition to notices, policies and internal procedures, features and templates to help ensure our compliance.
How does GDPR affect your business?
Anyone (individuals, companies or businesses) that has a presence in the EU, or that offers goods/services to or monitors the behavior of anyone in the EU, needs to comply with the GDPR.
As always, please consult with your own legal counsel about whether or not GDPR applies to you and your business and what actions you need to take for compliance.
Please Note: The information presented in this post is to help guide you through understanding GDPR and isn’t a substitute for legal advice. Full information on GDPR can be found on the GDPR website.