Businesses around the world, large or small in size are preparing for compliance with the European Union’s (EU) new data privacy laws: The General Data Protection Regulation, or the GDPR for short. The GDPR goes into effect on May 25, 2018.
The GDPR is applicable to businesses both in and outside of the EU. Businesses that do not comply with the GDPR could face steep fines.
We’ll cover some of the common questions about the GDPR and how HostUpon will comply with the new data privacy laws. That being said, you should also consult your own legal counsel to determine if you are subject to the requirements of GDPR.
What is GDPR?
GDPR is short for the General Data Protection Regulation that goes takes effect on May 25, 2018. It was passed by European lawmakers to create a harmonized data privacy law across all the EU member states with the purpose to:
- Support privacy as a fundamental human right.
- Require businesses that handle personal data and information to be accountable for managing that data appropriately and give individuals the rights over how their personal data is processed or otherwise used.
What is considered personal data?
The GDPR defines personal data as “any information relating to an identified or identifiable natural person.”
So what does this actually mean?
In addition to the basic information you might think about – name, address, email address, telephone number, financial information, contact information, etc, personal data can also include information related to your digital life, such as an IP address, geo-location, web browsing history, cookies, or other digital identifiers. It also could mean information about a person, including their physical, mental, social, economic or cultural identities.
If information can be traced back to or related in some way to an identifiable person, it is highly likely to be considered “personal data” under the GDPR. You can learn more about the GDPR here.
What rights does the GDPR provide to individuals?
There are several rights an individual may exercise under the GDPR, including the following:
- Right of access: Individuals can ask for a copy of the personal data retained about them and an explanation of how it is being used.
- Right to rectification: Individuals have the right to correct, revise or remove any of the personal data retained about them at any time.
- Right to be forgotten: Individuals can ask to delete their personal data.
- Right to restrict processing: If an individual believes, for example, that their personal data is inaccurate or collected unlawfully, the individual may request limited use of their personal data.
- Right of portability: Individuals have the right to receive their personal data in a structured, commonly used and machine-readable format.
- Right to object: Where an individual decides that they no longer wish to allow their personal data to be included in analytics or to receive direct marketing emails or other personalized (targeted) marketing content at any time, the individual may opt out of use of their data for these purposes.
Please be aware that these rights are not absolute. Limitations and exceptions may apply in some cases.
What is HostUpon doing to comply with the GDPR?
How does the GDPR affect your business?
Anyone (individuals, companies, or businesses of any size) that have a presence in the EU or offer goods or services to, or monitor the behavior of, individuals in the EU need to comply with the GDPR.
We are reviewing and updating, as necessary, our agreements with you and with our subcontractors (to include the necessary GDPR terms), as well as notices, policies and internal processes, features, and templates to assure our compliance and help you achieve compliance.
Please consult with your own legal counsel about whether GDPR applies to you and your business and what actions you need to take to comply with the GDPR.
What if I have more questions about GDPR?
If you have specific questions about HostUpon’s GDPR compliance, please contact HostUpon Support and we’ll be happy to answer any questions you may have.
NOTE: The information included on this page is meant to guide you through the process of understanding GDPR and is not a substitute for legal advice. Find more information on the GDPR website.