What is GDPR Compliance
GDPR Compliance: Let’s talk about it. In the last 20 years, the global economy has become increasingly digitized. As a result, many companies now hold highly sensitive and personal customer information obtained from various sources. That data carries significant security risk if it is stolen or abused.
What is GDPR Compliance?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union.
The General Data Protection Regulation was officially adopted by the European Parliament in April 2016 to specify how customer data should be used and protected. Following a two-year post-adoption period, it will become enforceable in May 2018. GDPR will replace the 1995 EU Data Protection Directive, which was introduced two decades ago, when the Internet had not yet revolutionized business communications.
The Impact of GDPR Compliance
GDPR applies extraterritorially to all parties involved in selling goods and services to EU citizens and processing their personal data. This includes companies on other continents, regardless of whether they are registered or operating within the EU. As an IT or cybersecurity professional, you must learn how to address major data protection requirements and make sure that software vendors you collaborate with are 100% GDPR compliant.
If data privacy infringement is committed, GDPR allows fines to be issued for violators, up to a maximum of either €20 million or 4% of the worldwide turnover, whichever is greater.
At SpinOne we welcome the General Data Protection Regulation (GDPR) enforcement for B2B markets as it is individuals who handle business relationships. We are confident that GDPR compliance will help SpinOne demonstrate that it has a high level of cyber security expertise and management when storing, encrypting, backing up, and securing our customer confidential data.
GDPR Overview: Why Is It Important for Personal Data Protection?
GDPR sets out seven essential requirements that govern how the processing of personal data is controlled.
7 core citizen rights afforded under GDPR requirements for personal data protection
- Consent. In obtaining consent for data use, companies cannot use indecipherable terms and conditions filled with legalese. It must be as easy to withdraw consent as it is to give it.
- Breach Notification. In the event of a data breach, data processors have to notify their controllers and customers of any risk within 72 hours.
- Right to Access. Individuals have the right to obtain confirmation from the data controller of whether their personal data is being processed. The data controller is obliged to provide an electronic copy for free to data subjects.
- Right to be Forgotten. When data is no longer relevant to its original purpose, data subjects can have the data controller erase their personal data and cease its dissemination.
- Data Portability. Allows individuals to obtain and reuse their personal data for their own purposes by transferring it across different services.
- Privacy by Design. Calls for the inclusion of data protection from the onset of designing systems, implementing appropriate technical and infrastructural measures.
- Data Protection Officers. Professionally qualified officers must be appointed in public authorities or organizations that engage in large-scale (companies with more than 250 employees) systematic monitoring or processing of sensitive data.
Below is a brief introduction to six key GDPR principles and how SpinOne follows the GDPR requirements.
Fairness and Transparency
Organizations must always process personal data lawfully, fairly, and in a transparent manner.
Based on its professional expertise, experience, best practices, and customer feedback, SpinOne has developed transparent and accurate Terms of Service and Privacy Policy. These documents describe the conditions of obtaining, storing, and processing personal data of SpinOne’s service users. As of May 25, 2018, this Privacy Policy will be updated according to the GDPR requirements.
SpinOne will offer its customers the right to choose a geographic location of their data storage upon installation of SpinOne’s application. This feature allows European customers the choice of storing their data at the European data center of Amazon, located in Dublin.
Purpose Limitation
Organizations can collect personal data only for specified, explicit, and legitimate purposes. They cannot further process personal information in a manner that’s incompatible with those purposes.
Upon customer registration, SpinOne introduces the customers to the Terms of Service and Privacy Policy. By clicking the “I AGREE” button, the customer confirms that they understand the Terms of Service, along with what information is obtained, stored, and processed, and for what purpose. Additionally, by clicking the “I AGREE” button, the customer accepts these terms.
Data Minimization
Organizations can collect only personal data that’s adequate, relevant, and limited to what’s necessary for the intended purpose.
The information stored in the Google Workspace profile is the primary data source for SpinOne. This data will be retained by SpinOne only for the purpose of correctly displaying information about the users.
Accuracy
Personal data must be accurate and kept up to date when necessary.
SpinOne automatically updates data every time a user updates their data in the Google profile. There is no other way to change or update information in SpinOne’s system.
Data Deletion
Personal data must be kept only for as long as it’s needed to fulfill the original purpose of collection.
SpinOne stores customer data only as long as it is needed to provide quality service to its customers. Any customer data that a customer leaves behind will be automatically deleted by SpinOne after 30 days, which is when the licenses expire.
Additionally, SpinOne can delete data upon a customer’s request, if such a request meets the GDPR requirements and other legal acts.
Security
Organizations must use appropriate technical and organizational security measures to protect personal data against unauthorized processing and accidental disclosure, access, loss, destruction, or alteration. Depending on the specific use case and personal data processed, the use of data segregation, encryption, pseudonymization, and anonymization is recommended, and in some cases required to help protect personal data.
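Pseudonymization and anonymization are the two measures named above that most often need explaining. The following added example (not SpinOne’s code; the sample record and field names are constructed) shows the difference: a pseudonym is a keyed HMAC of the identifier, reversible only by whoever holds the secret key, so the key must be stored separately from the data (that separation is the “data segregation” the text refers to); an anonymized record drops direct identifiers outright and coarsens quasi-identifiers so that no key can bring the person back.

```python
import hmac
import hashlib
import secrets
from typing import Any, Dict

# Constructed sample record, not real customer data: the kind of profile
# fields a SaaS product might hold about one user.
SAMPLE_RECORD: Dict[str, Any] = {
    "email": "alice@example.com",
    "full_name": "Alice Example",
    "birth_year": 1987,
    "postal_code": "D02 XY45",
    "plan": "business",
}

# Fields that identify a person on their own.
DIRECT_IDENTIFIERS = ("email", "full_name")


def new_pseudonymization_key() -> bytes:
    """Generate the secret key. Keep it in a separate store (KMS, vault)
    from the pseudonymized data; holding both is equivalent to holding
    the original identifiers."""
    return secrets.token_bytes(32)


def pseudonym(value: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 of the normalized identifier.

    A plain hash would let anyone holding the data set confirm a guessed
    e-mail address by hashing it; with HMAC that check also needs the key.
    """
    normalized = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:32]


def pseudonymize(record: Dict[str, Any], key: bytes) -> Dict[str, Any]:
    """Replace direct identifiers with pseudonyms; other fields stay usable."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            out[field] = pseudonym(str(out[field]), key)
    return out


def matches(token: str, candidate: str, key: bytes) -> bool:
    """Re-identification check by the key holder, e.g. to locate a data
    subject's rows when honoring an access or erasure request."""
    return hmac.compare_digest(token, pseudonym(candidate, key))


def anonymize(record: Dict[str, Any]) -> Dict[str, Any]:
    """Anonymize for analytics: drop direct identifiers and generalize
    quasi-identifiers (birth year -> decade, full postal code -> area)."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    if "birth_year" in out:
        out["birth_decade"] = (out.pop("birth_year") // 10) * 10
    if "postal_code" in out:
        out["postal_area"] = str(out.pop("postal_code")).split(" ")[0]
    return out


if __name__ == "__main__":
    key = new_pseudonymization_key()
    print(pseudonymize(SAMPLE_RECORD, key))
    print(anonymize(SAMPLE_RECORD))
```

The practical point is that pseudonymized data is still personal data under GDPR (it can be linked back by the key holder), so it stays inside the controls described in this section; only the anonymized form falls outside them, and then only if the generalization is coarse enough that rows cannot be singled out.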
SpinOne employs a professional team of technical and cybersecurity specialists. The experience of SpinOne’s team allows it to provide a cutting-edge service built on the “privacy by design” and “privacy by default” principles.
Compliance
A data controller is responsible for implementing measures to ensure that the personal data it controls is handled in compliance with the principles of the GDPR. This includes appointing a data protection officer, imposing contractual obligations on processors, and applying the principles of “privacy by design” and “privacy by default.” Additionally, a data controller must be able to demonstrate compliance, including by keeping a record of processing activities and conducting privacy impact assessments.
SpinOne’s GDPR Compliance
Recognizing the importance of GDPR compliance, SpinOne applies Google Workspace Security best practices, international standards, and follows legal requirements when building an Information Security Management System (ISMS) within the company. We incorporate the highest security standards into every phase of SpinOne’s software development process, from the outset to completion.
SpinOne employs the highest data security and privacy controls, audited regularly in our SOC 2 reports. SpinOne’s cutting-edge services are driven by a collaborative effort with leading cloud service providers such as Amazon, Google, and Microsoft, whose reliability is globally recognized. SpinOne follows the recommendations provided by ISO/IEC 27002 to ensure that the information security controls are implemented in SpinOne.
Frequently Asked Questions
Is GDPR required in the US?
No, unless your business collects the data of the citizens of EU countries.
What is required to be GDPR compliant?
A business needs to meet GDPR’s 10 key requirements:
1. Lawful, fair, and transparent processing
2. Limitation of purpose, data, and storage
3. Data subject rights
4. Consent
5. Personal data breaches
6. Privacy by design
7. Data protection impact assessment
8. Data transfers
9. Data protection officer
10. Awareness and training
What is the equivalent of GDPR in the US?
The CCPA (or California Consumer Privacy Act) is the equivalent of the GDPR.