What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation (2016/679) that enhances current data protection laws and rights for EU citizens. It strengthens data protection rights for data subjects and obligates companies to be more transparent.
When will the GDPR take effect?
The General Data Protection Regulation (GDPR) comes into force on the 25th of May 2018.
Why does this affect me?
GDPR applies to anyone who holds or processes the data of an EU citizen, regardless of whether you are based in the EU or a third country, and enhances the data rights of all EU citizens. More information can be found on the EU’s website.
EQUALIBRAS as a controller and a processor
Data controllers are companies that decide how personal data is collected, used or tracked from EU citizens. As a client, it is likely you are a controller for the data you collect and use on EQUALIBRAS. EQUALIBRAS also acts as a controller when collecting and using your personal information.
Data processors are companies that process data on behalf of data controllers. As you will most likely be processing information for your clients, it is possible that EQUALIBRAS is also a data processor for this type of data activity. As a customer data platform, EQUALIBRAS is considered a data processor.
We will be ready for the GDPR both as a data controller and when acting as a data processor on your behalf.
How is EQUALIBRAS preparing for GDPR?
- We have updated internal processes to ensure your updated rights are protected for the GDPR.
- We have nominated a Data Protection Officer (DPO) who is responsible for GDPR compliance within EQUALIBRAS. You can talk to them here.
- We are ensuring any vendors or third party companies we use are also GDPR compliant.
- We are ensuring we are compliant with international security standards (ISO 27001).
- We are training all staff on the requirements of GDPR and data privacy procedures.
Does the GDPR require storage of personal data in the EU?
No; however, the GDPR does set out conditions for the transfer of personal data outside of the EU. An array of mechanisms exists to allow data to flow from the EU to third countries securely and without loss of the data subjects' fundamental rights, the most common of which are an adequacy decision and the EU-US Privacy Shield.
What is an adequacy decision?
An adequacy decision allows data to flow from an EU country to a third country on the basis that the data protection regulation in that third country is adequate to safeguard the rights of an EU data subject. Once the EU Commission has determined that a country has adequate data protection legislation in place, transfers may occur between the EU and the third country as if the country were an EU member state.
What is the EU-US Privacy Shield?
The EU-US Privacy Shield is a framework which allows for data transfers from the EU to the US whilst protecting the rights of EU data subjects. This ensures that EU subjects whose data is transferred to the US maintain their fundamental data protection rights, whilst obligating companies who receive data from the EU to comply with strong data protection requirements.
Where is my data stored?
If you are a British or EU citizen and have informed us as such, your Personal Data will be stored, processed or transferred to/on servers based in the European Economic Area (“EEA”), on servers based in countries which comply with the European Commission’s adequacy decisions or in the US in accordance with the EU-US Privacy Shield.
If you are not a British or EU citizen and have informed us as such, your Personal Data will be stored, processed or transferred to/on servers based in Australia, on servers based in the European Economic Area (“EEA”), on servers based in countries which comply with the European Commission’s adequacy decisions, or in the US in accordance with the EU-US Privacy Shield.
When using third party providers to support the services we provide to you, we ensure that any third party is fully compliant with the GDPR as required by law.
How do I make a query in relation to my or my clients' data?
If you have any queries regarding any of your or your clients' personal data, you can contact us at firstname.lastname@example.org with your request. We will respond within 30 days of receiving your message.
When will EQUALIBRAS be ready for GDPR compliance?
EQUALIBRAS will be fully compliant with GDPR when it comes into force on the 25th May 2018.
Any other Questions?
If you have any further questions, feel free to contact the Data Protection Officer at EQUALIBRAS by emailing email@example.com.