General Data Protection Regulation (GDPR)
What does GDPR stand for?
GDPR stands for General Data Protection Regulation. It’s the core of Europe’s digital privacy legislation.
A digital future can only be built on trust. With solid regulated standards for data protection, the consumer can be sure they remain in control of their personal information when engaging in the digital sphere.
The GDPR aims to simplify the regulatory environment for business so both citizens and businesses can fully benefit from the digital economy.
The reforms are designed to reflect the world we’re living in now, and bring laws and obligations – including those around personal data, privacy and consent – up to speed for the internet-connected age.
Fundamentally, almost every service we use involves the collection and analysis of our personal data.
Your name, address, credit card number and more are all collected.
The way this data is stored / and
What is GDPR compliance?
Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it – and those people often have malicious intent.
Under the terms of GDPR, not only do organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so.
Who does GDPR apply to?
GDPR applies to any organization which offers goods or services to customers or businesses in the EU.
That ultimately means that almost every major corporation in the world needs a GDPR compliance strategy.
Personal Data
The term ‘personal data’ refers to any information which is related to an identified or identifiable natural person.
This includes identifiers such as a name, an identification number, location data, an online identifier or one of several special characteristics which express the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons.
In practice, these also include all data which are or can be assigned to a person in any kind of way. For example, the telephone, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data.
Since the definition includes “any information,” one must assume that the term “personal data” should be as broadly interpreted as possible. The same also applies to IP addresses.
Data must therefore be assignable to identified or identifiable living persons to be considered personal.
In addition to general personal data, one must consider above all the special categories of personal data (also known as sensitive personal data) which are highly relevant because they are subject to a higher level of protection. These data include genetic, biometric and health data, as well as personal data revealing racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership.
Encryption
The risk of a data breach can be significantly reduced with state-of-the-art encryption. Encryption is the procedure that converts clear text into an unreadable coded form using a key, so that the original information only becomes readable again by using the correct key.
Encryption is the best way to protect data during transfer and one way to secure stored personal data. It also reduces the risk of abuse within a company, as access is limited only to authorised people with the right key.
Email Marketing
Newsletter mailings and e-mail marketing are a fixed part of the online marketing universe.
Marketing emails may be sent to potential customers without consent. To receive no further information by newsletter or e-mail, the customer receiving them need only object to processing for marketing purposes.
If the customer objects, he/she needs to “unsubscribe” from the email sender's list by clicking on the relevant link in the email.