General information about the GDPR
It won’t be a surprise, but the General Data Protection Regulation (GDPR) will apply from May 25th, 2018. From that moment on, the same regulations will apply in all of the European Union regarding the protection of personal data. You can read some general information about the GDPR below.
What is GDPR?
GDPR stands for General Data Protection Regulation.
Which date will the GDPR be applicable?
The GDPR will commence on May 25th, 2018. As a result, the same privacy regulations will be valid throughout the EU.
What is the impact of GDPR?
The GDPR has a broad scope and therefore a big effect on many issues. It will impact at least all companies that are located inside the European Union (EU).
Different types of personal information
With the arrival of the GDPR, individuals need to explicitly consent to the collection of personal information. The following falls under personal data:
- Personal details: Name, Address, City, Phone number, Email, Date of birth, but also GPS location data and for example the device-ID of a mobile phone.
- Pseudo-anonymous data: data that isn’t (directly) traceable to a person without the use of additional data. It is traceable to an individual, but not to a directly recognizable person. Consider: IP address, hashed email, order ID, user ID, data via tracking scripts such as Google Analytics.
- Anonymous data: does not fall under the GDPR.
Personal data and pseudo-anonymous data can be used with explicit permission for clearly specified, explicit and legitimate goals. The data cannot be processed in ways that aren’t compatible with these goals.
The five most important pillars of the GDPR
The key changes that are enforced with the introduction of the GDPR can be categorized in the following five pillars:
- Transparency: Companies should inform the individuals involved about how personal data is collected and processed. This should be communicated in an understandable way.
- Accountability: Companies are more accountable and must themselves show that they comply with the legislation. Companies have a documentation requirement, an obligation of proof and the responsibility to reduce privacy risks that are related to personal data.
- The right to view, edit or delete personal data.
- The right to request personal data in an accessible file format (e.g. Excel) and to transfer this data to other companies.
- The right to be forgotten: companies should delete personal data when the individual whom the data concerns requests it. This should be executed at once, or at least within the timespan of a month. Please note: this also applies to data that has been shared with third parties.
Obligation to report data breaches
Companies are obliged to report a data breach within 72 hours, unless it can be proven that the breach will not endanger the privacy of the individuals whom it concerns.
Privacy by design and privacy by default
Privacy by design ensures that companies will consider the protection of personal data in the development of new products or services and protect personal data by default when it comes to technical and organizational matters. Privacy by default means companies should take action to only collect the bare minimum of personal information by default for the purpose they serve.
Want to learn more about the impact of the GDPR on webinars and on your WebinarGeek account?
Make sure to read our blog post "WebinarGeek and the GDPR".