GDPR is an EU regulation that is aimed at protecting the data and data rights of EU residents (Data Subjects).
Ask yourself some basic questions – answering yes to any of these may mean that your company may be subject to GDPR: Do I transact business in the EU? Do I have a physical location in the EU, EU employees or do I transact business in an EU currency? All of these scenarios could indicate… READ MORE
Data subjects are EU residents. EU citizens living abroad are not. Only people can be data subjects; trusts, companies, business, etc. are not data subjects.
GDPR defines protected data as any information relating to an identified or identifiable natural person. Data relating to businesses are not protected. Some data that falls under PII for GDPR include: Name and Address; Economic Data, like income and transactional data; Racial, sexual orientation, and political data; IP address, browser cookie data; and biometric data… READ MORE
GDPR defines two types of users of data: Controllers and Processors. Controllers are the firm that is in charge of determining how data should be treated. Processors are the firms that conduct processing. GDPR does not allow for controllers to assign any responsibility to processors and leave the controller risk free. Ultimately, Controllers are responsible… READ MORE
GDPR requires that you notify the appropriate regulators within 72 hours. At that time, you must be able to identify what data and data subjects were compromised, the consequences/severity of the data, and the actions that your firm needs to take or is taking.
Consent is required for processing that is not in the normal legitimate interest of the business. It must be freely-given, meaning that there can be no change in the business relationship due to the giving or withholding consent. Consent cannot be required to use a service or to be a client. Also, the consent must… READ MORE