Personal data is any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Unleashed and GDPR
The EU’s General Data Protection Regulation (GDPR) came into effect on 25 May 2018. Here’s some information on what the GDPR is, how it affects your business and what Unleashed has done to comply.
What changes has the GDPR brought?
The GDPR is a new regulation designed to secure the personal data rights of EU residents. It imposes new rules governing how organisations process and store personal data. The GDPR also provides individuals with certain rights over their personal data, including the rights to access, correct and delete personal data.
How does the GDPR affect your business?
The GDPR applies to any organisation that processes personal data of European Union residents, irrespective of where the organisation operates.
Here are some resources about how the GDPR affects small to medium businesses.
- Frequently Asked Questions about the incoming GDPR – A list of FAQs about the incoming GDPR.
- The EU General Data Protection Regulation – IT Governance outlines the key elements of the GDPR.
- Preparing for the GDPR – The Information Commissioner’s Office has released a 12-step checklist on getting your business GDPR-ready.
- Intersoft Consulting GDPR – Intersoft Consulting transformed the official GDPR PDF to a browsable version.
What has Unleashed done about GDPR?
At Unleashed, we understand the implications of the GDPR and see compliance as an opportunity for us to firm up our processes for all our customers and their data. Here’s what we’ve done:
- We have identified the areas in our product where we need to make changes in order to comply.
- We have engaged with our architecture and product teams to specify the changes required.
- We have mapped out our internal data flow and processes to ensure we are aware of where all personal data is stored, transferred and processed.
- We have reviewed our contractual arrangements with our subprocessors and ensured their processes are compliant.
- We have started our internal awareness and training campaigns.
What constitutes personal data?
When did the GDPR come into effect?
The GDPR was approved and adopted by the EU Parliament in April 2016 and it took effect on 25 May 2018.
Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU, but also to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What are the penalties for non-compliance?
Organisations can be fined up to 4% of annual global turnover or €20 million for breaching the GDPR. This is the maximum fine that can be imposed for the most serious infringements. The rules apply to both controllers and processors, meaning ‘clouds’ will not be exempt from GDPR enforcement.
Do you have a Data Processing Addendum I can sign?