Personal data according to GDPR

Personal data according to GDPR

In various life situations, almost every entrepreneur is dealing with personal data and the issues of their processing nowadays and everyday life (monitoring by CCTV system, keeping payroll and personnel agenda, processing orders or customer complaints, keeping patient records, providing advertising and marketing services etc.).

What does GDPR mean?

It is a legally binding regulation that lays down new rules on the protection of personal data. It came into effect on 25.5.2018. It is a general data protection regulation, abbreviated as GDPR, adopted in the form of a European regulation in all countries of the European Union.

What is a Personal Data by GDPR

GDPR considers personal data to be information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier, such as:

• name, surname, date of birth;
• identification number - personal identification number, ID card number, location data - address;
• genetic data relating to the inherited or acquired genetic characteristics of a natural person;
• data relating to the state of health of the data subject, which provide information on the past, present or future physical or mental health of the data subject;
• data specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity;
• online identifier - natural persons may be assigned online identifiers provided by their devices, applications, tools and protocols (IP address, cookies, or other identifiers).

What this brings in practice

For emails and phone numbers, it depends on whether or not they can be used to identify directly or indirectly (using a third party) who they are.

In the case of the data subject's request for erasure, the provider must assess the eligibility of the request. If all the conditions for erasure are fulfilled, it must not only delete the data but he must also inform the other processors processing the data of the request. The Regulation also considers the monitoring of the behaviour of individuals on the Internet in the use of technology as data processing. They create profiles of these persons for the purpose of taking a decision. Profiling is currently a commonly used marketing tool for building retail sales over the Internet. The GDPR determines the conditions under which operators may benefit from this instrument. Aligning the state of the art with GDPR depends on a number of factors that require processes in several stages.

Summary

Entrepreneurs had to review their internal processes, legal and security documentation, and adjust everything else to GDPR by the deadline of 25 May 2018. Specific entrepreneurs will be affected by the degree of regulatory impact, depending on the nature, quantity and sensitivity of the personal data processed associated with the risks.

If you are interested in ensuring your privacy policy in line with GDPR, please ask us for a free quote.

Free Quote