Please note that the following article does not constitute legal advice. For information on how the GDPR affects you specifically, consult your legal counsel.
The European Union’s (EU) General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, is a data protection law designed to strengthen data protections and give EU residents and citizens more control over their personal data regardless of what business accesses that data.
All businesses that are based in the EU, that collect and use the data of EU residents and citizens, or that process data of EU residents and citizens are impacted by the GDPR.
Businesses, such as your own, that collect and use the data of EU residents and citizens are referred to as data controllers. Businesses like WellnessLiving that process the data of EU residents and citizens are referred to as data processors. Both data controllers and data processors are responsible for ensuring compliance with the GDPR regardless of where they are located.
For example, WellnessLiving has servers located in the US but still follows GDPR guidelines because it processes data belonging to EU residents and citizens.
If you are a data controller, you should be aware of the following aspects of the GDPR:
The definition of personal data has been expanded to include any data relating to an identified or identifiable living person. This includes IP addresses, names, home addresses, and location data.
Data protection rights
Under the GDPR, individuals who are EU residents or citizens have expanded data protection rights. These include the rights to access, correction, erasure, and portability.
Under certain circumstances, data controllers are obligated to inform both the supervisory authority in their country and their customers of data breaches.