What is GDPR?
New EU regulations surrounding the collection and use of the personal data and information of EU citizens come into effect on May 25, 2018.
The regulation seeks to give individuals greater control over the data collected and processed by organizations. It gives EU citizens control of their digital data by empowering them with the right to know when personal data is being collected and the purpose for collection, and the right to purge it upon request.
Read on for an overview of the new regulations.
Impact and Scope of the GDPR
Increased Territorial Scope
Penalties and Fines
Data Subject Rights
In plain English, a data subject is any EU citizen from whom you are collecting personal data. GDPR compliance requires that data subjects be granted certain rights:
- Right to Access. Data subjects must be able to request and obtain confirmation that data is or is not being collected on them, and if so exactly what data is being collected, how, where, and for what purpose. That data must also be provided to them in an electronic format free of charge on request.
- Right to Be Forgotten. Data subjects must be provided a quick and painless way to withdraw consent and have collected data purged.
- Data Portability. Similar to the Right to Access, Data Portability requires that data subjects are able to request, obtain, and/or transfer possession of collected data at any time.
- Breach Notification. If a breach/unauthorized access of personal data takes place that is likely to “result in a risk for the rights and freedoms of individuals”, notification must be made within 72 hours of becoming aware of the breach.
Explicit Consent Requirement for Data Collection
Strengthened consent requirements are the core of the new regulation. If you collect or manage any EU citizen’s data, you must:
- Request the explicit consent of every user before any data collection takes place. Requests must be in clear, plain, easily understandable language free of legalese. They must also stand alone from other matters or requests and not be buried in other text.
- Have a means for users to request access and view the data you have collected on them.
- Provide users with a way to withdraw consent and purge personal data collected on them; i.e. the “Right to Be Forgotten”.
The measures Zaui Software has taken to be compliant with GDPR:
Safeguarding your personal data, and helping you to safeguard your users’ data, is extremely important to us. Here we outline the steps we have taken to ensure we are compliant with these new regulations.
How do I ensure my Business is compliant with GDPR?
We’ve got your GDPR bases covered as far as your use of Zaui goes. However, you need to think about GDPR in the context of your entire operation. Here we provide a GDPR readiness checklist for tour, activity and transportation operators.