{"id":8713,"date":"2020-01-06T14:13:39","date_gmt":"2020-01-06T22:13:39","guid":{"rendered":"https:\/\/www.knowledgecity.com\/blog\/?p=8713"},"modified":"2024-04-05T10:47:32","modified_gmt":"2024-04-05T17:47:32","slug":"compliance-general-data-protection-regulation","status":"publish","type":"post","link":"https:\/\/www.knowledgecity.com\/blog\/compliance-general-data-protection-regulation\/","title":{"rendered":"How to be in Compliance with the General Data Protection Regulation"},"content":{"rendered":"

If you do any business that could gather information from citizens of the European Union, you must make sure that your organization is in compliance or face hefty fines.<\/p>\n

\"IT<\/p>\n

What is the GDPR?<\/strong><\/p>\n

The General Data Protection Regulation serves to protect several types of personal data<\/a> including name, address, identification numbers, location and IP addresses, cookie data, and personal information (racial and ethnic data, health and genetic data, biometrics, political affiliations, gender and identity, etc.).<\/p>\n

Personal and Sensitive Data<\/strong><\/p>\n

The European Union defines personal data<\/a> as \u201cany information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.\u201d The GDPR protects personal data of all residents of the European Union regardless of the technology used to process that data. Regardless of how data is gathered, stored, or processed, it is protected by the GDPR.<\/p>\n

\u00a0<\/strong>Who Must Comply?<\/strong><\/p>\n

The GDPR applies to<\/a> all members of the European Union, as well as any company outside of the EU that markets goods or services to EU citizens. As a result, the GDPR affects global data protection requirements. Most companies that do international business must be compliant with GDPR because of this.<\/p>\n

\u00a0<\/strong>How This Affects You and Your Business<\/strong><\/p>\n

The GDPR mandates that equal liability is applied to data controllers (the organizations that own the data) and data processors (organizations that manage the data). If your organization uses the services of a third-party data processor that is not in compliance, then your organization is not in compliance<\/a>. It is important to revise contracts with third party data processors that define how data should be managed and protected, as well as how breaches of data security should be handled.<\/p>\n

For U.S.-based businesses<\/a>, there is an increased need to evaluate consent. GDPR pushes companies to make updates that give consumers greater control over their personal data, including how it is shared and gathered. Furthermore, minors under the age of 16 need parental consent to share personal data, meaning that companies need to be mindful of adding age clauses to their privacy policies.<\/p>\n

The GDPR imposes fines on companies that control and process data that are found to be non-compliant. Fines<\/a> are determined based on the following criteria:<\/p>\n