The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of Euros.
With the GDPR, Europe is signaling its firm stance on data privacy and security at a time when more people are entrusting their personal data with cloud services and breaches are a daily occurrence. The regulation itself is large, far-reaching, and fairly light on specifics, making GDPR compliance a daunting prospect, particularly for small and medium-sized enterprises (SMEs).
The GDPR defines an array of legal terms at length. Below are some of the most important ones that we follow:
Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it’s relatively easy to ID someone from it.
Any action performed on data, whether automated or manual. The examples cited in the text include collecting, recording, organizing, structuring, storing, using, erasing… so basically anything.
The person whose data is processed. These are the students or site visitors.
FindMyCollege decides why and how personal data will be processed.
No third party processes personal data on behalf of a data controller.
What the FindMyCollege Says about GDPR
FindMyCollege Pvt. Ltd. values individual privacy. With GDPR coming into effect, we have amended the functionality of our site to give users more control of their personal data.
We have specified the following:
How to process personal data?
For which purpose we process personal data.
On what grounds do we rely on when we process personal data.
What Rights do users have in respect of their personal data?