The European Union’s General Data Protection Regulation (GDPR) will come into effect from May 25, 2018. Klenty is fully committed to meeting the GDPR requirements.
What is GDPR?
The new General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) helps protect and ensure the privacy rights of European Union (EU) and European Economic Area (EEA) citizens and aims to harmonize data privacy laws across Europe, while expanding the rights and empowerment of individuals in regard to the control of their personal information.
GDPR Key Changes
- Increased Territorial Scope: The law applies to all companies processing the personal data of European Union (EU) residents, regardless of the company's location.
- Data Subject Rights: The law provides EU individuals the right to exercise complete authority over their personal data. They now have greater control over how their personal data is used, processed or disposed of.
- Consent: The subject should give clear consent to how their personal data will be processed. Companies should also make it easy for subjects to withdraw their consent at any time.
- Right to Access: The subjects have the right to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed, where and for what purpose.
- Right to be Forgotten: This entitles the subjects to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties stop processing of the data.
- Data Portability: This gives the subjects the right to receive a copy of their personal data in a machine-readable format from the data controller and to transmit that data to another controller.
- Breach Notification: It is mandatory for data controllers to notify the stakeholders within 72 hours of becoming aware of a data breach.
- Data Protection Officer: Companies may need to appoint an employee or external service provider as Data Protection Officer, who is responsible for overseeing GDPR, privacy management and data protection practices.
- Privacy Impact: Companies must conduct privacy impact assessments of their data processing to minimize the risks and identify measures to eliminate them.
- Penalties: There is a tiered approach to fines. The maximum fine that can be imposed for the most serious infringements is up to 4% of annual global turnover or €20 million (whichever is greater).
What is Klenty doing to be compliant with GDPR?
Klenty currently works with a large number of customers from the EU and is fully committed to ensuring that all appropriate and necessary changes in the app and on the website are rolled out well in advance of the deadline date of May 25, 2018.
As a Data Processor, Klenty has identified all the obligations that we need to fulfill to make sure that the Data Security and Privacy of our customers are safeguarded. We are actively working on the following, among other things:
- Implementing necessary changes to the product and the website around data access and portability
We will share more information as we progress with our compliance plan, but feel free to reach out to us for any additional clarification you may need.