Significant changes to data protection law in Europe are being introduced on May 25th, 2018. The General Data Protection Regulation (GDPR) expands the privacy rights granted to EU individuals. It also increases the obligations on organizations that market to, track or handle EU personal data, regardless of where an organization is located.
iStockist is here to help our customers in their efforts to comply with the GDPR through our privacy and security protections.
What is the GDPR?
The GDPR is a new comprehensive data protection law in the EU. As a result of rapid technological development and the complex international flows of personal data, it updates existing laws to strengthen the protection of personal data. It replaces national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.
What does GDPR regulate?
The GDPR regulates the processing of personal data. This includes the collection, storage, transfer or use of personal data about EU individuals. Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law. Significantly, under the GDPR, the concept of “personal data” is broad and covers any information relating to an identifiable individual.
How does GDPR change the privacy laws?
The GDPR provides more privacy rights to EU individuals and places significant obligations on organizations. Some of the key changes are:
- More rights for EU individuals: The GDPR provides more rights for EU individuals such as deletion, restriction, and portability of personal data.
- Compliance obligations: The GDPR requires organizations to implement compliant policies and security measures, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
- Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
- New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
- Binding Corporate Rules (BCRs): The GDPR officially recognizes BCRs as a means for organizations to legalize transfers of personal data outside the EU.
- Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred.
- One stop shop: The GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
Additional information about the GDPR is available on the official GDPR website of the EU.
What iStockist is doing
iStockist welcomes the GDPR as an important step forward in streamlining data protection requirements across the EU. It’s an opportunity for iStockist to deepen our commitment to data protection. Similar to existing legal requirements, compliance with the GDPR requires a partnership between iStockist and our customers in their use of our services.
iStockist will comply with the GDPR in the delivery of our service to our customers. We are also dedicated to helping our customers comply with the GDPR. We have closely analyzed the requirements of the GDPR and are working to make enhancements to our products, contracts, and documentation to help support iStockist’s and our customers’ compliance with the GDPR.
Any questions? Feel free to contact us.