Does your US-based company Store or Process data of EU subjects
May 15, 2018
Email, photos, location details, IP addresses, sites you visited: all of it is stored digitally.
A directive shall be binding, as to the result to be achieved, upon each Member State to which it is addressed, but shall leave to the national authorities the choice of form and methods (Art. 288(3) TFEU).
To give people more control over how their personal data is used, the European Union is enforcing a new privacy regulation, the GDPR. The GDPR will change the way you deal with data from suppliers, customers and other individuals in the EU. As a Controller or Processor, you will have to prove that you are complying with and enforcing all the principles below, even if you don't have a subsidiary in the EU.
A controller is governed by the GDPR if the controller has establishments in the EU and the data processing is related to the offering of goods or services to data subjects in the EU, or to the monitoring of their behaviour within the EU.
How do you prepare for GDPR?
1. Be transparent; explain why the data is collected and what it will be used for
2. Limit the purpose; use personal data only for the purpose it was collected for
3. Minimize data; ensure that you are storing the minimum amount of data required for your purpose
4. Be accurate; take all the steps necessary to ensure that personal data is and stays accurate
5. Respect the data retention period; don't keep data longer than necessary
6. Secure all data; keep the data secure at all times, enforcing strict security rules for the entire information flow, from acquisition to retention
And most of all, be able to demonstrate your accountability with all the necessary documentation.