The General Data Protection Regulation (GDPR) is the most comprehensive European data privacy law in decades. It came into effect on 25th May 2018, replacing the Data Protection Act of 1998.
Claimable is fully GDPR compliant and we are committed to maintaining our support and compliance going forward.
In order to make it easier to understand the changes that the GDPR has enforced and the effect it has had on businesses, this article will explain its main points.
The GDPR aims to protect European citizens by strengthening user data privacy. Thanks to the law, individuals now have more control over how and where their data are processed. However, the GDPR does not affect only European companies; it has global consequences. Any organisation that handles EU citizens' data, regardless of its location, must adhere to the law. Non-compliance is severely punished: organisations can be fined up to €20 million or 4% of their annual global turnover.
The Core Principles of the GDPR
The GDPR introduces new concepts and companies will have new obligations toward individuals.
Here are the key points and goals of the GDPR:
Data Portability
Companies will need to be able to provide users with their data in a machine-readable format when requested.
Consent
The consent request form will need to use plain and clear language, avoid pre-ticked boxes and include the purpose of data processing in an easily accessible form. In addition, companies will be obliged to keep records of the consent forms received.
Right to Erasure
Also referred to as "the right to be forgotten", it means that individuals can withdraw consent and companies will be obliged to delete any information about the person exercising the right.
Right to Access
Data handlers will need to be able to provide individuals with information about where and for what purpose data are being processed.
Privacy by Design
Technical and organisational measures will need to be implemented to show that the GDPR is fully integrated into the company activity. This also means that companies will be obliged to use only data processors that guarantee the requirements of the regulation are met.
Claimable is committed to helping our customers comply with the GDPR and, as a data processor, we are fully GDPR-compliant.