Issue No. 71, June 2018

“GDPR” Compliance 

Some of you may have heard the term “GDPR” recently in the news. Some major US companies are working to become compliant.
So, what is GDPR?
GDPR stands for General Data Protection Regulation.
How may GDPR affect my company?
The GDPR imposes a wide range of requirements on organizations that engage with the EU and collect or process personal data, including a requirement to comply with six key principles:
  • Transparency, fairness, and lawfulness in the handling and use of personal data. You will need to be clear with individuals about how you are using personal data and will also need a “lawful basis” to process that data.
  • Limiting the processing of personal data to specified, explicit, and legitimate purposes. You will not be able to re-use or disclose personal data for purposes that are not “compatible” with the purpose for which the data was originally collected.
  • Minimizing the collection and storage of personal data to that which is adequate and relevant for the intended purpose.
  • Ensuring the accuracy of personal data and enabling it to be erased or rectified. You will need to take steps to ensure that the personal data you hold is accurate and can be corrected if errors occur.
  • Limiting the storage of personal data. You will need to ensure that you retain personal data only for as long as necessary to achieve the purposes for which the data was collected.
  • Ensuring security, integrity, and confidentiality of personal data. Your organization must take steps to keep personal data secure through technical and organizational security measures.
What rights must companies enable under GDPR?
The GDPR provides EU residents with control over their personal data through a set of “data subject rights.” This includes the right to:
  • Access information about how personal data is used
  • Access personal data held by an organization
  • Have incorrect personal data deleted or corrected
  • Have personal data rectified and erased in certain circumstances (sometimes referred to as the “right to be forgotten”)
  • Restrict or object to automated processing of personal data
  • Receive a copy of personal data
Source: Microsoft
To learn more about GDPR, or if you have other technical questions for your business,
feel free to reach out to our IT engineering team at:
Phone: 858-952-5400 x0