GDPR
Frequently Asked Questions
What is GDPR?
GDPR stands for General Data Protection Regulation. It is a regulation that was adopted by the European Union (EU) in 2016 and became enforceable on May 25, 2018. The GDPR aims to strengthen and unify data protection for individuals within the EU and to ensure that organizations that process their personal data do so in a transparent and responsible manner.
The GDPR applies to all organizations that process the personal data of individuals within the EU, regardless of whether the organization is located within the EU or not. Personal data is defined broadly and includes any information that can be used to identify a person, such as a name, address, email address, or IP address.
The GDPR places various obligations on organizations that process personal data, including obtaining consent from individuals for data processing, providing individuals with the right to access, correct, and erase their personal data, implementing appropriate technical and organizational measures to protect personal data, and reporting data breaches to the relevant supervisory authority.
Do I need to comply with GDPR if my company is not in Europe?
GDPR applies to all companies that process the personal data of European Union (EU) residents, regardless of their location.
Failing to comply with GDPR can result in significant fines and other penalties, even if your company is not located in the EU. Therefore, it is essential to understand whether your company is subject to GDPR requirements and take appropriate steps to comply with them.
Contact us to help you determine if you are subject to GDPR.
What is considered personal data?
Personal data is defined broadly and includes any information that can directly or indirectly be used to identify a person, such as a name, address, or email address. Location, ethnicity, gender, biometric data, religious beliefs, web cookies, IP address, or even political opinions can be considered personal data.
What does it mean to process data?
In the context of GDPR, processing of data refers to any operation or set of operations performed on personal data, whether or not by automated means. This includes the collection, recording, organization, structuring, storage, retrieval, use, transmission, dissemination, erasure, or destruction of personal data.
Processing can refer to a wide range of activities related to personal data, such as analyzing, profiling, or tracking individuals' behavior, storing or hosting personal data, or sharing personal data with third parties.
It's important to note that GDPR applies to both automated and non-automated processing of personal data. This means that even if you manually process personal data, such as by maintaining paper records, you may still be subject to GDPR requirements.
Contact us to see how we can help you with GDPR compliance.