1. What is the General Data Protection Regulation (GDPR)?
This is a European Union (EU) Regulation intended to strengthen and unify the protection of Personal Data for European Union residents.
2. What are the key changes with GDPR?
An expanded definition of personal data
New and strengthened data subject rights and conditions for consent
Larger penalties for non-compliance
Mandatory reporting of data breaches
Data Protection Officer requirement
3. Who does GDPR apply to?
GDPR applies to natural persons and entities or service providers involved in the processing of personal data referring to EU residents. This applies even when processing is completed outside of the EU. The GDPR applies to both Controllers and Processors.
4. What are the Data Subject rights?
Right to access
Right to erasure, rectification and restriction
Right to object
Right to be forgotten
Right to Data portability
5. Will data subjects have to provide consent?
Yes, consent to the processing of Personal Data has been strengthened. A request for consent must be freely given in a clear and easily accessible form and the purpose for data processing must be included. Consent must be specific, separate from other matters and provided using clear and plain language. Data subjects must be given the opportunity to withdraw their consent.
6. What is the definition of Personal Data?
Personal Data includes any information relating to an identifiable EU resident irrespective of whether it regards his or her private, professional or public life. Personal Data can include a name, photo, email address, bank details, medical information or an IP address.
7. What is a Data Subject?
A natural person who is the subject of Personal Data, i.e. data which can identify and distinguish a living individual from any other.
8. What is a Data Controller?
A Data Controller includes a natural or legal person controlling and responsible for the keeping and use of Personal Data both electronically and in manual files.
9. What is a Data Processor?
A Data Processor includes a natural or legal person involved in the processing of Personal Data on behalf of a Data Controller. Usually, a Processor is a third party external to the Data Controller. The duties of the Processor towards the Controller must be detailed in an agreement.
10. What do you need to do if you require more information?
Contact the Data Protection Officer on email@example.com or phone 2560 3253