The GDPR is a new EU privacy law that comes into effect May 25 this year.
It's intended to strengthen and standardize the privacy of EU residents.
Who does it apply to?
The GDPR regulates companies operating in the EU
and handling personal information, companies outside the EU providing goods
or services to EU residents and companies monitoring EU residents' behavior in the EU.
In other words, not only companies with business sites in the EU,
but also those who collect and process personal information about EU residents, even if they do not have a place in the EU, are subject to GDPR obligation.
What does GDPR regulate?
GDPR regulates the processing of personal information about EU residents,
including the collection, storage and transmission or use of personal information.
GDPR grants data subjects more rights and control over their data by regulating how their personal information is stored and processed.
The personal information defined by GDPR includes basic information (name, address, etc.),
web information (location, IP address, cookie data, RFID tag, etc.), health/genetic information,
biometric information, racial/ethnic information, political opinion, and sexual orientation.
We are preparing as follows in response to GDPR
We value our customers' (and their customers') rights to privacy. In compliance with the GDPR,
we are preparing the following new features and services.
- Appoint a Data Protection Officer COMPLETE
- Obfuscation and deletion of collected end-user IP information COMPLETE
- Development of Opt-out function: Feature that does not collect data of users when opted out IN PROGRESS
- Provide Data Processing Agreement in accordance with the GDPR IN PROGRESS
*Opt-out is a method of collecting personal information until the parties explicitly deny the collection of personal information.
What happens if we don't comply with the GDPR?
In the event of a serious breach, you can be subject to administrative fines up to €20 Million,
or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year (whichever is larger).
In the event of a general offense, you can be subject to administrative fines up to €10 Million, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year (whichever is larger). In addition, the authority to determine whether and which penalties are imposed is given to Member State supervisory bodies.
Do we need to appoint a DPO?
A Data Protection Officer must be appointed in the case of: (a) public authorities, (b) entities that engage in large scale systematic monitoring, or (c) entities that engage in large scale processing of sensitive personal data. If you don’t fall into one of these categories, then you do not need to appoint a Data Protection Officer.
What do Beusable/Beusably customers need to do as a Data Controller?
When using Beusable/Beusably, the following obligations apply to data controllers who handle personal information of users in the European Union (EU).
Since Beusable/Beusably collects and stores cookies and IP information, you must obtain the end user's legitimate consent before using it.
- Must have signed record from the end user.
- Must provide clear instructions to the end user about withdrawing consent.
- Must provide end users with easily accessible information about the personal data you collect.
*What is a controller?
'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Do we need to sign a Data Processing Agreement with Beusable/Beusably?
If you are an entity based in the EU, or collect data from data subjects in the EU you should sign a Data Processing agreement with Beusable/Beusably. Currently we are working on a specific Data Processing Agreement intended to cover all terms as required under the GDPR.