PERSONAL DATA SHOULD BE HANDLED WITH CONSIDERATION
ETHICS & QUALITY
GDPR - GENERAL DATA PROTECTION REGULATION
WHAT IS GDPR?
The European Parliament adopted the General Data Protection Regulation (GDPR) in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU.
WHO IS AFFECTED?
The GDPR significantly widens the scope of EU data protection law. Any organisation that processes personal data of EU individuals is within the scope of the law, regardless of whether the organisation has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information related to an identified or identifiable individual (also called a “data subject”), such as names, email addresses and other personally identifying information. This definition also extends to technical information, such as IP addresses or device identifiers. “Processing” under the GDPR means collection, storage, transfer, or use.
WHAT IS THE UPSIDE?
The GDPR makes compliance with EU data protection law more predictable because it provides for harmonisation of data protection requirements across the EU – as opposed to the current regulations, which have resulted in a sort of patchwork of laws across all EU member states. The GDPR also makes compliance easier because the law was updated with the current state of technology in mind. The previous regulation is over 20 years old. Things have changed quite a bit since then, leaving various gaps when overlaying the law over current technology and complex international data flows and business processes. The GDPR aims to close many of those gaps.
DOCUMENTS & SIGNING PARTIES
As an existing client of Humanostics, your company requires a range of documents to be GDPR compliant. Your contract has to be in the latest format and you have to sign a DPA (Data Processing Agreement). In addition to signing the DPA, you will also require a subprocessor addendum, so please reach out to us to be provided with the correct addendum. If you have any questions about the DPA or The Predictive Index’s efforts in relation to the GDPR, you can visit The Predictive Index’s website.