European Union GDPR Requirements
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside these regions. GDPR became effective in May 2018, and it applies to all organizations that process the personal data of people in the EU, regardless of where the organization is based.

Here are some ways Zoptiks complies with GDPR:

1. Understand the Personal Data You Have: Organizations should conduct data audits to understand what personal data they hold, where it came from, how it's used, and who it's shared with.

2. Consent: GDPR requires clear consent from individuals to process their data. The request for consent must be given in an easily accessible form, with the purpose for data processing attached to that consent.

3. Right to Access and Data Portability: Individuals have the right to access their personal data and to know how it's being used. They also have the right to receive their data in a 'commonly used and machine-readable format' and to transmit that data to another organization.

4. Right to be Forgotten: Individuals can request the deletion of their personal data under certain circumstances. Organizations must be prepared to handle such requests.

5. Data Protection Officers (DPOs): Some organizations must appoint a DPO to oversee their data protection strategy and ensure compliance with GDPR requirements.

6. Data Breach Notifications: Organizations must report certain types of data breaches to the relevant supervisory authority within 72 hours where feasible, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.

7. Privacy by Design and by Default: GDPR requires that data protection be built in from the outset of designing systems, rather than added afterwards, and that the strictest privacy settings be the default.

8. Data Protection Impact Assessments (DPIAs): Organizations must conduct DPIAs where data processing is likely to result in a high risk to data subjects.

9. International Transfers: Organizations must ensure they have a lawful basis for transferring personal data outside the EU/EEA.

10. Training: Organizations should provide training to employees who handle personal data to help ensure compliance with GDPR.
Zoptiks Helpdesk | 2024