What is GDPR?
The GDPR (General Data Protection Regulation) was introduced to give citizens and residents control over their personal data and to simplify the regulatory environment for international business. When the GDPR enters into force, it will replace the Data Protection Directive 1995 (Directive 95/46/EC).
It applies from 25 May 2018.
The General Data Protection Regulation will actively protect individuals with regard to the processing of their personal data and will apply to all EU Member States.
What counts as personal data, and what counts as processing it?
The GDPR defines as personal data:
- Location information, etc.
The official document, which you can find here, defines any information associated with an individual, directly or indirectly, as personal data.
Data processing is defined as any operation (collection, registration, storage, communication, destruction, etc.) carried out on personal data or sets of personal data, with or without the use of automated means.
The GDPR was created to protect the rights of people who give you their data and to boost the online market, as only 19% of them feel safe online today.
Websites that need to start making changes are the ones that collect, process and store visitor or customer data. Websites directly affected include those that use any of the following:
- Google Analytics
- Registration form
- Contact form
- Newsletter form
- E-Shop which collects personal payment information, orders,
- Any site that uses third-party services for comments on its articles, such as Disqus
- Data processing for another company? Make sure you have a binding contract that lists the responsibilities of each party.
As we can see, it concerns everyone!
WHAT DOES IT ASK OF US?
You need to make sure that decision makers and key people in your organization know that the law is changing to the GDPR. They have to assess the impact it is likely to have.
- Information you hold
Identify which personal data you hold, where it came from and who you share it with. You may need to organize an information audit.
- Communicating privacy information
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
- Individuals’ rights
Review your procedures to make sure they cover all the rights that individuals have, including how you will delete personal data or provide the data electronically and in a commonly used format.
- Subject access requests
You need to update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
- Lawful basis for processing personal data
You should determine the lawful basis for your processing activity under the GDPR, document it and update your privacy notice to explain it.
You should review how you seek, record and manage consent, and whether you need to make any changes. Refresh existing consents now if they do not meet the GDPR standard.
You should start thinking now about whether you need to put systems in place to verify the age of individuals and to obtain the consent of parents or guardians for any data processing activity.
- Data breaches
You must make sure that appropriate procedures are in place to detect, report and investigate a personal data breach.
- Data Protection by Design and Data Protection Impact Assessments
You should now familiarize yourself with the ICO Code of Practice on privacy impact assessments and with the latest Article 29 Working Party guidelines, and determine how and when to apply them in your organization.
- Data Protection Officers
A responsible legal counsel should be assigned to take responsibility for data protection compliance, and you should assess where this role will sit within your organization's structure and governance. You should also consider whether to formally appoint a data protection officer.
If your organization is active in more than one EU Member State (i.e. it carries out cross-border processing), you should determine your data protection supervisory authority. The Article 29 guidelines will help you do that.
What does Vision4Reality do for GDPR?
We collect personal information only to facilitate the services we offer. It is kept only by Vision4Reality and only for as long as we have an active cooperation. The data are your address, name, VAT number (to issue a receipt or invoice) and telephone number. They are collected with your consent when you sign up for your My Account. For security reasons, no payment card details are kept, even if a card payment is made. After the collaboration ends, all details and any communication made via your My Account system are deleted.
- The right to information (Learn more)
- The right of access / right of rectification (Learn more)
Your account provides full self-service, which lets you update your personal information, such as name, email address, postal address, telephone number, etc.
- The right to data portability (Learn more)
Data portability means the right to receive your personal data in machine-readable form and to request that this data be transferred directly from one controller to another. This right applies only when processing is based on consent or on the performance of a contract, and when the processing is done by automated means. No fee may be charged for this service. Upon your request, we export your personal data from the system as a JSON file for portability.
- The right to erasure (also known as the ‘right to be forgotten’) (Learn more)
If we receive a request to delete your account, all data associated with you is immediately deleted, including personal information on your profile, service history and invoice history, activity log entries, support tickets, and email history.
Inactive accounts are deleted automatically after a period of six months.
- Contract / Agreement (Learn more)
- Consent (Learn more)
The newsletter is sent to you with your consent, once you enter your email address in the form on the main page.
Your account profile has an option to accept or reject the newsletter. Finally, the newsletter campaigns include an option to opt out.