GDPR

What is the GDPR?

The General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a new EU law that went into effect on May 25, 2018. It is designed to give individuals more control over their personal data and impose stricter rules on those hosting and processing that data. As a small business, it’s important you understand the key aspects of GDPR compliance.

What type of data does the GDPR apply to?

The GDPR applies to any data that can identify an individual, including names, ID numbers, location data, financial information, medical information, IP addresses and more. It also gives specific protections around sensitive information like sexual orientation, religion, ethnicity and political opinions.

What are the key principles of GDPR?

The GDPR is built around key principles like lawfulness and transparency, purpose limitation, data minimization, accuracy, storage limits, integrity and confidentiality. Essentially, you must have a lawful basis to collect personal data, be transparent in how you use it and only collect what is necessary. You must keep data secure and up-to-date and only store it as long as needed.

What are the rights of individuals under GDPR?

The GDPR strengthens the rights of individuals to access, correct, delete and move their personal data. Individuals can object to or limit processing and must provide clear consent for data collection and use. Kids receive special protections. Data breaches must also be reported within 72 hours.

What do small businesses need to do to comply?

Small businesses must inventory their data and review privacy policies, get consent for marketing contacts, implement data protection plans to safely collect/use data and appoint data protection officers to oversee compliance. You’ll also need to have procedures in place for fulfilling data requests within the 30-day deadline and reporting any breaches promptly. Staying compliant helps avoid heavy fines under GDPR. For the latest information, visit the links page.

gdpr.eu

The GDPR.eu website is the complete guide to the General Data Protection Regulation. It is a very straightforward and easy-to-understand website.

https://gdpr.eu

Intersoft consulting

Intersoft consulting has the official PDF of the General Data Protection Regulation and has conveniently put it on its website for ease of use.

https://gdpr-info.eu

European Commission

The European Commission has information about the rules for the protection of personal data inside and outside the EU.

https://commission.europa.eu/law/law-topic/data-protection_en