Are you ready for GDPR? The General Data Protection Regulation is now law in the European Union (EU) and you may have some questions about it. Here’s what we know about the law and what we’re doing to make CloserConnect GDPR-compliant. This article does not constitute legal advice but serves as a resource for reference. We recommend you consult legal counsel to learn how the GDPR impacts you and your company.
What is the GDPR?
After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance may face heavy fines. The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
EUGDPR.org – Trunomi – May 2018
What are the basics?
Explain clearly why the user is asked to provide personal information, how the information will be used and how long it will be kept.
Where consent is the lawful basis for processing personal information, obtain it explicitly. The request for consent, and what information the user releases by giving it, must be presented clearly and be easy to find.
Provide a way for users to view what information is being stored about them and how it is being used.
In the event of a personal data breach, companies are required to notify the relevant supervisory authority within 72 hours of becoming aware of it, and to inform the affected individuals without undue delay when the breach is likely to result in a high risk to them.
Personal information must be erasable on request (the “right to be forgotten”) where, for example, it is no longer needed for the purpose it was collected for, the individual withdraws consent, or the processing violates the GDPR or the individual’s fundamental rights.
Individuals have the right to contest a decision based solely on automated processing (including profiling) when it produces a legal effect or a similarly significant impact on them.
Apply additional protection to special categories of personal data, such as health, racial or ethnic origin, sexual orientation, religious belief and political opinions.
Individuals must be able to opt out of direct marketing that uses their data.
Data transfer outside the EU
Personal data can only be transferred to countries outside the EU and the EEA when an adequate level of protection is guaranteed: either the destination country is covered by an EU adequacy decision, or appropriate safeguards (such as standard contractual clauses) are in place.
What is PII?
Personally Identifiable Information (PII) is any data that can be used to identify a specific individual: any information that distinguishes one person from another, as opposed to anonymous data. The GDPR uses the broader term “personal data”, which covers more than many traditional PII definitions, including:
| Linked personal data (directly identifies a person) | Linkable personal data (identifies a person when combined) | Sensitive data (special categories) |
|---|---|---|
| Full name | First name only | Biometric data |
| Date of birth | Last name only | Racial data |
| Residential address | A portion of the address (country, street, postcode etc.) | Health data |
| Telephone number | Age category, not specific (20-30 years, 40-60 years etc.) | Ethnic origin |
| Email address | Place of work | Political opinions |
| Passport number | Position at work | Religious or philosophical belief |
| Identification number | IP address | Trade union membership |
| Driver’s licence number | Device ID | Genetic data |
| Social security number | | Sexual orientation |
What is CloserConnect doing to prepare?
We have changed many of our internal policies, and are committed to compliance with the GDPR. We’re also working to build tools and processes for our users to handle their data appropriately.
What can I do to prepare?
We encourage you to review your company’s policies on handling Personally Identifiable Information (PII) in the US, the EU and elsewhere, and to consult legal and/or data security professionals about your GDPR compliance.
We highly recommend consulting the full text of the GDPR for more detail.