GDPR News Center News for 10-04-2018

GDPR Commitment

The General Data Protection Act is considered to be the most significant piece of European data protection legislation to be introduced in the European Union in 20 years and will replace the 1995 Data Protection Directive. The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.

In summary, here are some of the key changes to come into effect with the upcoming GDPR:

Expanded rights for individuals: The GDPR provides expanded rights for individuals in the European Union by granting them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.

Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.

Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.

New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.

Increased Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. The GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

Keywords: ["Data","GDPR","organizations"]
Source: https://www.hotjar.com/legal/compliance/gdpr-commitment

Our Outreach GDPR Compliance

Outreach believes that, as a SaaS company, security and privacy are a shared responsibility with our customers. Requirements such as greater data access and erasure rules, privacy by design, and data breach notification processes may mean changes for your organization, and are a shared responsibility between yourself and your partners. It is important to understand your obligations related to the GDPR regardless of where your organization resides, and Outreach will work with you to achieve them. By nature of Outreach’s integration architecture, you determine what data is sent over for processing. Accordingly, your company acts as the controller and must abide by a set of core principles regarding the handling of the personal data.

Per the GDPR principles, you should avoid sharing unnecessary personal data with Outreach. Typically, the only class of personal data you should share with Outreach is contact information and you should not share other classes of data that are not relevant to managing your sales pipeline. It is your responsibility to ensure certain data types are not sent to Outreach for processing. Recommendation: Review the user information shared with Outreach and ensure you are not sharing any unneeded or sensitive personal data. GDPR states that data controllers must provide users with specific information on how their personal data is being collected, used, stored and shared. 

If your legal counsel determines you also need to obtain user consent before using Outreach, make sure you update your integration with Outreach to only send data from those who provided the required consent or have otherwise consented to it. Outreach continues to monitor the continuing guidance issued by the Article 29 Working Party to ensure that we remain abreast of the most recent developments pertaining to GDPR. Even when the regulation comes into full effect, Outreach is prepared for the fact that privacy compliance in the EU will be an evolving area and that compliance with GDPR is not a one-stop check box or finish line – it will require continuous adjustments and actions to ensure that we, and our customers, remain compliant.

Keywords: ["data","Outreach","share"]
Source: https://www.outreach.io/trust/gdpr-compliance
