On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) takes effect in the European Union (EU). The GDPR expands the privacy rights granted to EU individuals, and it places many new obligations on organizations that market to, track or handle EU personal data, no matter where an organization is located. Privacy Central is here to help our customers in their efforts to comply with the GDPR through our robust privacy and security protections.
GDPR provides you with several rights around the management of your personal information.
These rights include:
Is there a GDPR certification?
No, there is not currently a GDPR certification issued by the European Commission. Privacy Central will be monitoring any certifications that come out after the GDPR goes into effect and will certify to them, if it is deems them to be appropriate.
What is the difference between the “right to restrict processing” and the “consent management?
The right to restrict processing refers to the right of Data Subjects to request that a data controller block or suppress the processing of their personal data. Regarding consent management, in order to process personal data, organizations must have a lawful basis to process the data. Under the GDPR, there are six legal bases which organizations can rely on to lawfully process personal data. One basis for processing is with the consent of the data subject. If an organization is relying on consent, and an individual requests a restriction of processing of their personal data, depending on the circumstance of the request, organizations may also want to consider whether to update the individual’s consent preferences to reflect their desire for personal data processing to cease. Organizations should seek legal counsel to understand what legal bases they are relying on to lawfully process personal data, their obligations under the GDPR, and then design their process.
Is encryption required by the GDPR?
No. Encrypting your data at rest is not specifically required under GDPR.