
General Data Protection Regulation

General Data Protection Regulation (GDPR) Synopsis

The General Data Protection Regulation (GDPR) came into force on May 25, 2018, providing a unified data protection framework across the European Union (EU) and the European Economic Area (EEA). It enhances individuals' rights regarding their data.

1. Applicability

GDPR applies to any entity processing the personal data of EU/EEA residents, regardless of where the processing organization is located. This includes commercial enterprises, non-profits, and governmental bodies.

2. Core Principles

Organizations must adhere to GDPR's key principles:

  • Lawfulness, Fairness, and Transparency: Data processing must comply with the law, be conducted fairly, and be transparent to individuals.
  • Purpose Limitation: Data should be collected for specific purposes and not processed beyond those purposes without further consent or a legal basis.
  • Data Minimization: Only data necessary for the intended purpose should be collected.
  • Accuracy: Organizations are responsible for maintaining accurate data and correcting inaccuracies.
  • Storage Limitation: Data should only be stored for as long as necessary to fulfill its purpose.
  • Integrity and Confidentiality: Adequate security measures must be implemented to protect data from unauthorized access and breaches.

3. Rights of Individuals

GDPR grants the following rights to individuals:

  • Right of Access: Individuals can obtain information about the data held by organizations.
  • Right to Rectification: Individuals can request corrections to their data.
  • Right to Erasure (Right to be Forgotten): Individuals can request deletion of their data in certain situations.
  • Right to Restriction of Processing: Individuals can request limitations on how their data is processed.
  • Right to Data Portability: Individuals can request a copy of their data in a portable format.
  • Right to Object: Individuals can object to data processing for specific purposes, including marketing.
  • Rights Related to Automated Decision-Making: Individuals have the right not to be subject to, and to challenge, decisions based solely on automated processing, such as profiling.

4. Legal Basis for Processing

Our organization processes personal data based on several legal grounds, including consent, contract performance, legal obligations, vital interests, public tasks, and legitimate interests.

5. Consent

Where we rely on consent for processing personal data, we ensure it is freely given, specific, informed, and unambiguous. Consent can be withdrawn at any time.

6. Data Protection Officer (DPO)

Our organization has appointed a Data Protection Officer (DPO) responsible for GDPR compliance and serving as a liaison with data protection authorities and individuals.

7. Data Breach Notification

In the event of certain data breaches, we are obligated to notify the relevant supervisory authority within 72 hours. If the breach poses high risks to individuals' rights and freedoms, we will also inform those affected.

8. International Data Transfers

Transferring personal data outside the EU/EEA requires safeguards such as standard contractual clauses (SCCs), binding corporate rules (BCRs), or reliance on European Commission adequacy decisions.

9. Responsibility and Documentation

We ensure GDPR compliance by implementing appropriate measures and maintaining detailed records of data processing activities.

10. Sanctions and Enforcement

Non-compliance with GDPR may lead to fines of up to 4% of an organization's global annual revenue or €20 million, whichever is higher. The supervisory authority in each EU member state enforces the regulation.

GDPR compliance is an ongoing process requiring a deep understanding of the regulation, continuous monitoring of data processing activities, and regular policy updates.