GDPR is now in force. The law that protects EU citizens' data has been approved and adopted. The Regulation that came into force on 25th May 2017 aims to ease the flow of personal data across 28 EU member states. As we know, GDPR is designed as a direct replacement of the Data Protection Act which was primarily passed by the European Parliament in 1998. InfoClutch's need-to-know guide explains and addresses some of the frequently asked questions about the impending new General Data Protection Regulation (GDPR).
What is GDPR?
The General Data Protection Regulation is primarily the replacement for the 1995 Data Protection Directive and the Data Protection Act passed by the European Parliament in 1998. Drawn up by the EU, GDPR is a legal framework that strengthens the data rights of EU citizens and sets guidelines for the collection and processing of personal information of individuals across all member states of the European Union (EU).
Although the primary goal of the previous principles was to harmonize data protection laws, they lagged behind because they took the form of a directive. This necessity paved the way for a significant piece of legislation known as GDPR.
The new law became enforceable in all the member states. Besides, the updated General Data Protection Regulation consists of various provisions to strengthen the rights of data subjects. Also, it adds harsher penalties for violation of the law.
The GDPR policy applies not only to EU firms but also to non-EU businesses that monitor or process the data of EU citizens. However, this law is not applicable to legal entities and deceased persons.
What are the rules and regulations of GDPR?
To ensure compliance, GDPR has its set of rules and regulations to protect EU citizens from privacy and data breaches. Some of the critical points regarding GDPR compliance include:
Increased Territorial Scope: This regulation applies to controllers and processors that process data in the context of an establishment, whether or not the processing takes place in the Union, and regardless of the territory or the company location.
Penalties: Any organization in breach will be fined up to €20 Million or 4% of annual global turnover, whichever is greater. These laws apply to both controllers and processors.
Consent: Consent has to be requested in an intelligible and easily accessible form, and companies are no longer permitted to use long illegible terms and conditions full of legalese.
Also, marketers must abide by rules like breach notification, right to access, right to be forgotten, privacy and data portability. To know more about GDPR policy, please visit EU's GDPR website: https://www.eugdpr.org/
Our Commitment to GDPR
What steps has InfoClutch taken:
a. To get consent from individuals to process their data?
GDPR raises the bar to a higher standard of consent for residents of the EU. No information collected in the past remains compliant anymore unless it was obtained with consent that complies with GDPR. We stick to the ground rule and follow consent practices by allowing sign-ups for customers with double opt-in.
We also audit existing contact lists and implement a re-permission program with email confirmations. If it's via telephone or direct mail, we keep evidence of information like who consented, when and what they were advised at the time of consent, how (via social media, checkout) and whether they have withdrawn the consent.
b. What if the individuals object to providing consent?
InfoClutch thoroughly understands and follows the rules and regulations of GDPR. We allow individuals their right to object to the processing of their personal information in any circumstances.
We recognize the objection and hence do not process data thereafter. We make sure to take steps and respond to the objection without undue delay. We take appropriate measures to erase, suppress or cease the processing of personal data.
c. What if someone wants to opt-out at any time?
All major laws like CASL in Canada, CAN-SPAM in the U.S. and GDPR in the EU require brands and marketers to give their subscribers an opportunity to opt out at any time. Adhering to the rules, we at InfoClutch make sure to include an option to opt out in all emails, making sure unsubscribing is an easy choice, so the subscriber never loses interest. We don't ask for any information beyond the email address, nor do we ask them to visit more than once or visit more than one page to submit their request.
What does InfoClutch consider to constitute EU citizens' personal data?
As a global leader, we are prepared with a robust set of technical and organizational security measures for all our services. We provide a new contract that complies with GDPR requirements for DPA or Data Processing Agreements.
We are aware that any form of data, including information like name, age, telephone, email and physical address, and also less visible data such as cookies and IP address, is deemed personal data when linked to a human being.
Whether it is private, business or professional, data that relates to personal or online identifiers, or even to the way an organization collects information about people, is processed as personal data.
How does InfoClutch deal with backups and archives?
We process organizations' data about our data subjects on the legal basis of legitimate interest. We keep a backup in case the information is accidentally destroyed. We make sure to remove the data at any point in time if users want to opt out.
Archives, as a matter of fact, involve long-term storage of information on the organization's history, and they remain unaffected as the rules on national archives permit.
Is InfoClutch ready for the GDPR challenge and compliance?
Yes, we are fully compliance-ready for GDPR and its requirements. It has always been our top priority. We understand the legislative framework, prioritize and develop a remediation plan that takes it into consideration. We leverage different projects under way in the company and avoid doubling up the work by mapping the legislation.
Does InfoClutch educate its customers about the GDPR?
Yes, we do educate our customers about GDPR and its rules. We have updated our privacy policies, but more importantly, we are updating better marketing relationships by asking our clients the content, at the same time passing on the message about GDPR and its compliance.
Does InfoClutch follow any legal basis to process personal data under the GDPR?
Yes, to process the personal data under the GDPR, we do have a legal basis to do so and to document it. Under our terms, data processing shall be lawful only if:
The data subject has given consent to process his or her personal data.
The party provides us with the permission to enter the data subject into the contract.
Compliance is followed by a legal obligation to which the controller belongs.
Legitimate interests are pursued by the controller or by a third party.
Performance of a task carried out in the public interest.
What effect does InfoClutch have on GDPR?
As a B2B marketing firm, we have always secured our customers' personal data from any violations. With the implementation of GDPR, we make sure we have greater control in storing personal information of citizens in the EU and other continents. InfoClutch has laid out its GDPR preparation plan since the day it was passed into law. To develop a definitive solution, we have minimized economic and business disruption while remaining fully compliant and observant of the legislation.