The European Union’s (EU) Privacy Law, also known as the General Data Privacy Regulation (GDPR), required all businesses to comply with data protection regulations as of May 25, 2018. The GDPR’s purpose is to ensure all organizations fulfill the obligations set forth for the protection of personal data of EU citizens. The European Commission states on its website: “Regulation (EU) 2016/679, the European Union’s new General Data Protection Regulation, regulates the processing by an individual, a company or an organization of personal data relating to individuals in the EU.” Personal data includes but is not limited to: name, address, email, ID number, IP address, and phone location data.
Rules for Business and Organizations
Organizations have many obligations under the GDPR including (but not limited to):
- Updating Privacy Policies
- Appointment of a Data Privacy Officer (specific organizations only)
- Performing Data Privacy Impact Assessments while implementing new technologies
- Report Breaches within 72 Hours
- Ability to demonstrate compliance to EU
- Adherence to personal data regulations, such as:
  - Utilize data for a specific purpose
  - Data minimization: only collect required information
  - Ensure information is correct
  - Secure data through appropriate safeguards
Rights for EU Citizens
EU citizens have several rights under the GDPR when it comes to their personal data. These rights include:
- Knowledge of what the data is being used for
- Access to the data
- Request incorrect information to be corrected
- Request removal of data when it’s no longer needed
- Objecting to the use of your data for marketing purposes
- Restricting your data
Please reference the GDPR for a complete list of rights.
Choice Screening Compliance
This blog is a brief overview of the recent GDPR updates and is not intended to offer legal advice. Consult an attorney for interpretation and advice regarding GDPR.