About GDPR

GDPR

23 May About GDPR

GDPRAbout GDPR

EN | TH

By now, you’ve probably heard of the General Data Protection Regulation (GDPR) and we know you might have a few questions about how to prepare for it. Here’s what we know about how it might affect Aware, our visitors and our clients.

This article is provided as a resource, but it’s not legal advice. We encourage you to speak to legal counsel to learn how the GDPR may affect your organization.

 

What and Who

The GDPR is a European Union (EU) privacy law that will affect businesses around the world when it becomes enforceable on May 25, 2018. It regulates how any organization that is subject to the Regulation treats or uses the personal data of people located in the EU.

Personal data is any piece of data that, used alone or with other data, could identify a person. If you collect, change, transmit, erase, or otherwise use or store the personal data of EU citizens, you’ll need to comply with the GDPR. This includes using analytics and newsletter signups. If you are tracking traffic or accepting queries from your website, you need to be compliant.

 

About Consent

You need to have a legal basis, like consent, to process an EU citizen’s personal data. Under the GDPR, you may use another legal basis for processing personal data.. This consent must be specific and verifiable.

Verifiable consent requires a written record of when and how someone agreed to let you process their personal data. Consent must also be unambiguous and involve a clear affirmative action. This means clear language and no pre-checked consent boxes.

 

About Individual Rights

The GDPR also outlines the rights of individuals around their personal data. EU citizens will have the right to ask for details about the way you use their personal data and can ask you to do certain things with that data. You should be prepared to support people’s requests in a prompt manner. People have the right to request their personal data be corrected, provided to them, prohibited for certain uses, or removed completely.

You should also be able to tell someone among other things, how their personal data is being used. If they ask, you’re obligated to share the personal data you hold on an individual or offer a way for them to access it.