On May 25, 2018, the General Data Protection Regulation (GDPR), which replaced the EU privacy protection provisions of 1995, came into effect. The purpose of this regulation is to ensure that the individual’s personal information is protected in keeping with modern technological innovation, regardless of where it is stored or processed.
One of the major catalysts for implementing the regulation is the administrative fines (imposed without the need for court approval) that members who violate the regulations can expect: up to 4% of the annual (global) turnover of the business or company, or a fine of 20 million euros. Unlike past regulations, which differed from one country to another, these regulations apply equally to all Union companies.
Since we at inwise provide services and technology in areas that include personal information, we bring you this information to help you familiarize yourself with the regulation and prepare for its implementation, and to explain how we as a company relate to the regulations.
Note: This post is for informational purposes only and should in no way be considered legal advice. We recommend that you consult with relevant legal experts and experts in the field to obtain qualified opinions.
What is personal information?
Personal information is any information by which a particular person is identified or identifiable. In fact, personal information comprises almost every detail (e.g. name, contact address, phone number, e-mail address, employment details, credit card details, etc.).
Highlights of the regulation
- The purpose of collecting personal information should be “logical”. For instance, if you market tennis equipment, there is no reason for you to ask a client for his or her genotype. This creates a suspicion that you intend to trade information, and that is why explicit consent is required. Hence, be sure to request only the details necessary for operations and marketing purposes, and announce what you intend to do with the information gathered.
- The purpose of retaining the information should be specific to what you do with it: If you want to make further use of the user’s information beyond what you have stated, you will need to seek the client’s consent again.
- Maintaining confidentiality and information security: This is necessary to prevent information leaks and to secure information against external threats.
- The right to access information: Every person whose information you have has the right to know what information is stored about him/her.
- Report information security breaches to the local authority and to users as early as possible.
- The right to be forgotten: Any entity about whom you have existing information has the right to be “forgotten” (i.e. to have all existing information about it deleted).
- The right to withdraw consent that has already been granted: If consent has been given for any use of information, the customer can always change his or her mind and withdraw that consent.
The GDPR and inwise
How the inwise system helps you meet regulatory requirements
- Registration forms and landing pages allow you to collect new registrants, including a timestamp and an IP address. We recommend that you use an unmarked checkbox that confirms receiving mailings.
- Proper disclosure of the purpose of collecting information is recommended.
- Allow removal: The inwise system automatically adds a removal option at the bottom of each mail.
- Information updates and preference changes: You can do this for your customers at any time on your own, and you can also use a detailed update form that will allow your contacts to do it themselves.
- Deleting information: By contacting the inwise support department, you can request the permanent deletion of your customer information.
The full GDPR regulatory requirements document can be found here: