GDPR Compliance Process [Revised May 23rd, 2018]
The much-awaited “GDPR” (General Data Protection Regulation) unveiled by the European Union will come into effect on May 25th, 2018. JetApps has been hard at work implementing this process of data privacy and the “right to be forgotten”. We are happy to announce that JetApps is now fully GDPR compliant. We are also committed to helping clients bring their businesses to full compliance as quickly as possible.
GDPR Key Terms
In order to better understand GDPR and how JetApps brings you one step closer to GDPR compliance, let’s define some of the key terms within this regulation:
Data Subject: The person who can be identified from the personal data. Data subjects may ask to have their data removed from your servers in a timely manner.
Personal Data: Information that relates directly to the data subject. The main purpose of GDPR is to allow data subjects’ personal data to be removed from companies when it is no longer needed, or by personal request.
Data Controller: A person, business or public agency which receives personal data and determines how to process this data.
Data Processor: A person, business or public agency which processes personal data on behalf of the Data Controller.
GDPR Key Requirements
Personal data should only be kept for as long as it serves its original purpose. The Data Controller and Data Processor need to implement proper security measures appropriate to the level of data sensitivity and risk of breach. This includes data encryption along with other firewall protections. Ultimately, every business must show how it has become compliant, with full disclosure to its client base.
A Data Controller MUST:
- Advise clients of GDPR compliance with company impact assessments.
- Provide Data Subjects with breach notifications, data security methods and an option for destruction of data, as well as contribute to Data Subject audits.
- Assign a Data Protection Officer (DPO) who is in charge of implementing the GDPR compliance policy on behalf of their company as well as answering to regulators.
A Data Processor MUST:
- Be transparent and traceable.
- Consider data protection by design and have it be the default setting.
- Guarantee data security.
- Assist, alert and advise Data Controllers of any potential data breach.
JetApps GDPR Compliance