EU General Data Protection Regulation (GDPR) is an important step to strengthen data privacy rights to harmonize data privacy laws across Europe. The regulation was approved by the EU Parliament in April 2016 and came into effect on May 25, 2018. GDPR affects companies processing or controlling personal data of data subjects located in the EU.
Personal data consists of any information that allows to identify a person directly or indirectly. This could be such things as a name, an email address, bank details, an IP address or a social media post.
Art. 4 GDPR: ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; Source.
At SocialDatabase, data privacy has been an important foundation for all the work we have done in the past and it will continue to be an essential part of our company’s DNA. Regarding GDPR, we’ve conducted a thorough gap analysis, making us GDPR compliant since May 25, 2018. We have improved and incorporated various areas affected by GDPR, such as the legal basis for data processing, rights of data subjects, obligations of controllers and processors, privacy notice, security aspects, data breaches, privacy and data protection by design, data protection impact assessments, or data transfer mechanisms. We additionally expanded our team to further ensure data privacy.