Does your organization have a website privacy policy that documents your fair, transparent, and lawful use of personal data?.
Does your organization use or do business with any vendors, contractors, or third parties such as those described in question 2 above?. Does your organization store any personal data that identifies or that can be used to identify (directly or indirectly) individuals under the age of 16?. Does your organization store any particularly sensitive personal data in electronic or other readily accessible format? ( racial/ethnic origin, political opinions, religious beliefs, union memberships, genetic information, biometric data, health/medical data, sexual orientation, sexual inclinations or proclivities, criminal charges, criminal offenses, criminal convictions). Does your organization store any of the personal data described above in Question 1 in electronic or other readily accessible format for any natural persons, including current and former employees, current and prospective customers, and visitors to your organization’s website?. If you answered “yes” to either of the above questions, you may need to comply with the GDPR. Does your company store any personal data with any processors within the European Economic Area (EEA)? Data processors may include managed data centers, cloud storage servers (e.g., Amazon Web Services, Dropbox), payroll agencies, solicitors, accountants, third party email marketing companies. Does your company receive or collect personal data from organizations or natural persons residing or operating in the European Economic Area (EAA)? Personal data may include names, dates of birth, email addresses, identification numbers (e.g., employee ID nos.), website cookies, IP addresses, geolocation data, purchase histories, services used or subscribed to, communications (e.g., website chats or social media posts, even if publicly visible), social media pictures, video or audio recordings, promotions used, survey responses, download records. If you need to comply and you fail to do so, you may be subject to a fine of up to the greater of €20 million or 4% of last year’s revenue. 
Do you need to comply? Our self-assessment can help you figure that out. The EU’s General Data Protection Regulation (GDPR) became effective last Friday, May 25, 2018.
Europe has now taken things even further. With data breaches becoming commonplace and hackers becoming more and more sophisticated, all companies need to take IT security much more seriously, beginning with a privacy policy and a data security policy. And if you’re doing business in Europe or with Europe, as of last Friday, you now need to know about the GDPR. Do you have a privacy and data security policy? These days, you should.
0 kommentar(er)
