The new GDPR legislation is enforceable on May 25th, 2018. It upholds the highest standards of data privacy, and applies to any website that collects data from EU citizens. We are based in Austria and subject to GDPR regulations; this means we apply the highest data protection standards to protect your data.
General Questions
The GDPR was approved and adopted by the EU Parliament in April 2016. The GDPR came into force on 25th May 2018. The GDPR not only applies to organisations located within the EU but also applies to organisations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.
Data plays a critical part in both digital and direct marketing strategies and therefore marketers must ensure they have demonstrated clear compliance and consent. CMOs and marketers must demonstrate how the data subject has consented to the processing of their personal data. Marketing databases have to be cleansed and reviewed to ensure that the organisation can identify consent which has been granted lawfully and fairly. Although GDPR only affects citizens living in the European Union, it is recommended that companies that operate internationally ensure all of their global audience is GDPR compliant to meet stringent data regulations in the future.
Increased territorial scope, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.
Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater).
The conditions for consent have been strengthened, and companies are no longer able to use long illegible terms and conditions full of legalese.
Breach notifications are now mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”.
The right for data subjects to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed, where and for what purpose.
The right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
Privacy by design calls for the inclusion of data protection from the onset of system design, rather than as an addition.