GDPR Compliance

Please note that the following article does not constitute legal advice. For information on how the GDPR affects you specifically, consult your legal counsel.

The European Union’s (EU) General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, is a data protection law designed to strengthen data protections and give EU residents and citizens more control over their personal data regardless of what business accesses that data.

All businesses that are based in the EU, that collect and use the data of EU residents and citizens, or that process data of EU residents and citizens are impacted by the GDPR.

Businesses, such as your own, that collect and use the data of EU residents and citizens are referred to as data controllers. Businesses like WellnessLiving that process the data of EU residents and citizens are referred to as data processors. Both data controllers and data processors are responsible for ensuring compliance with the GDPR regardless of where they are located.

For example, WellnessLiving has servers located in the US but still follows GDPR guidelines because it processes data belonging to EU residents and citizens.

Note: The EU-USA Privacy Shield is a privacy framework for US companies to follow when working with data belonging to EU residents and citizens. Because WellnessLiving is a Canadian company, we do not follow the EU-USA Privacy Shield framework. Instead we follow the GDPR guidelines.

If you are a data controller, you should be aware of the following aspects of the GDPR:

Personal data

The definition of personal data has been expanded to include any data relating to an identified or identifiable living person. This includes IP addresses, names, home addresses, and location data.

Data protection rights

Under the GDPR, individuals who are EU residents or citizens have expanded data protection rights. This includes the rights to access, correction, erasure, and portability.

Breach notifications

Under certain circumstances, data controllers are obligated to inform both the supervisory authority in their country and their customers of data breaches.

As a data processor, WellnessLiving strictly follows all GDPR guidelines and will support you in complying with the GDPR when appropriate. If you are a data controller, you should have established processes for handling data requests and breaches and make sure you and your staff are aware of the implications the GDPR has for your specific business. You should also review your privacy policy to ensure it meets the standards set by the GDPR. You can use the online waiver feature on WellnessLiving to set and update your privacy policy. See Setting up your online waiver for more information.
