Is your IT supplier GDPR compliant?
What is the GDPR?
The General Data Protection Regulation is a new privacy regulation across the European Union. It provides individuals with more control over their personal data, ensures transparency about the use of data, and requires security and controls to protect data.
Does the GDPR apply to my organization?
The GDPR applies more broadly than might be apparent at first glance. The law imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU) or that collect and analyze data tied to EU residents. It applies to organizations that are established in the EU, that offer goods or services in the EU, or that monitor the behavior of EU residents. Unlike privacy laws in some other jurisdictions, the GDPR is applicable to organizations of all sizes and all industries. The EU is often viewed as a role model on privacy issues internationally, so we also expect to see the concepts in the GDPR adopted in other parts of the world over time.
Does the GDPR apply to my data?
The GDPR regulates the collection, storage, use, and sharing of “personal data.” Personal data is defined very broadly under the GDPR as any data that relates to an identified or identifiable natural person. If your organization has such data—in customer databases, in feedback forms filled out by your customers, in email content, in photos, in CCTV footage, in loyalty program records, in HR databases, or anywhere else—or wishes to collect it, and if the data belongs or relates to EU residents, then you need to comply with the GDPR. Note that personal data doesn’t need to be stored in the EU to be subject to the GDPR—the GDPR applies to data collected, processed, or stored outside the EU if the data is tied to EU residents.