What is regulated by GDPR?
GDPR is concerned with the processing of:
- Personal data – any information that can be used to directly or indirectly identify an individual.
- Sensitive personal data – Personal data revealing race/ethnicity, political opinions, religious/philosophical beliefs, union membership, data concerning health or sex life.
In relation to GDPR, processing refers to any operation or set of operations performed upon personal data. This includes the alteration, collection, combination, consultation, destruction, disclosure by transmission, distribution, organization, recording, restriction, retrieval, storage, structuring, and use of all data that could be considered personal or sensitive personal data belonging to a resident or citizen in the European Union. Yes, that’s a long list of operations so a good rule of thumb is if you’re collecting data in any way from a resident or citizen in the EU, it’s essential to develop a GDPR compliance program for your organization.
Who does GDPR apply to?
GDPR applies to controllers and processors of the data mentioned above. “Controllers” are the entities that determine the purposes, conditions, and means of processing data, for example, a hospital. The “processors” are the entities that process the data on behalf of the controller, for example, a technology provider that hosts software on behalf of the hospital.
What do I have to do to be GDPR compliant?
The three most important things you can do to get your GDPR program started are:
- Inventory all of your processing activities – This includes identifying all of your organization’s processing activities, the purpose for which data is being processed, and the legal basis for processing.
- Obtain consent from data subjects where required – This typically includes data collected from your website, advertising technology, or contact lists.
- Update your privacy notices on your website and in any other contracts you have with parties whose data you collect.
The best way to avoid conflict with GDPR is to remain vigilant in your privacy and security practices. We’re here to help you with that process and answer any questions or address any concerns. Send us a message today or call 503-389-5666 to discuss how GDPR affects you and to make sure you have the right protections in place to stay compliant with the regulations.