1. What is personal data?
Personal data is any information that can identify a living individual, directly or indirectly. Examples include a name, a photo, a registration number, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
2. What is “sensitive data”?
Sensitive personal data consists of information on an individual which is of a private nature and may lead to discrimination. GDPR provides more stringent protections for sensitive data than for other types of personal data. Sensitive data includes health and conviction data, as well as genetic and biometric data.
3. What is GDPR and when does it come into effect?
GDPR stands for General Data Protection Regulation and is the new European Union Regulation that applies across the EU. It comes into effect on 25th May 2018 and will bring in significant changes to current data protection laws in the European Union.
4. Who does the GDPR affect?
It applies to all companies processing and controlling the personal data of data subjects residing in the European Union, regardless of the company’s location.
5. Why is GDPR important?
GDPR will replace the existing data protection act, as data is now used very differently. For example, the use of the internet and social media has transformed how we interact with data. GDPR seeks to improve trust in this emerging digital age by giving people greater control and rights over their personal data.
6. What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover or €20 million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements.
7. What is the difference between a data processor and a data controller?
A “Data Controller” is the individual or the legal person who controls and is responsible for the keeping and use of personal data on computer or in structured manual files. If you hold or process personal data, but do not exercise responsibility for or control over the personal data, then you are a “Data Processor”.
8. What is consent for data processing?
When collecting data, the company has to make clear the purpose for which it is doing so. Any activities performed with that data have to be described in the terms of the consent, which has to be accepted by the data subject and will be the legal basis for any processing.
The consent must be explicit for data collected and the purposes data is used for (Article 7; defined in Article 4). Consent for children must be given by the child’s parent or custodian, and must be verifiable.
9. What rights will individuals have under GDPR?
The new law will give individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by Dalata.
|Right to be Informed|You have the right to know whether your Personal Data is being processed by us, how we use your Personal Data and your rights in relation to your Personal Data.|
|Right of Access|You have the right to request a copy of the Personal Data held by us about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.|
|Right to Rectification|You have the right to request that we amend any inaccurate Personal Data that we have about you.|
|Right to Erasure|You have the right to ask us to erase your Personal Data where:|
|Right to Restriction of Processing|You have the right to ask us to restrict processing your Personal Data in the following situations:|
|Right to Data Portability|You may request us to provide you with your Personal Data which you have given us, in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another controller where this is technically feasible. This right only arises where:|
|Right to Object to Processing|In certain circumstances, you have a right to object to our processing of your Personal Data where we process it for our legitimate interests, including any automated decision making, such as profiling. We may not be able to comply with such a request where there are grounds that do not undermine your interests, rights and freedoms or where the processing of your Personal Data is required for compliance with a legal obligation or in connection with the defence, establishment or exercise of legal claims.|
10. Does Dalata share my personal information?
Dalata uses a range of third parties to provide services – either directly or indirectly. Where relevant, these companies are required to comply with our data privacy and information security standards when handling personal data, and we aim to ensure that they do not compromise your personal data.
11. How secure and confidential is my personal data?
Dalata takes security responsibilities seriously, employing the most appropriate physical and technical measures, including staff training and awareness, and we review these measures regularly.
12. What is the right to be forgotten?
Simply put, the right to be forgotten means that individuals will have a right to have their personal data erased if there is no legitimate reason for you to keep it. For instance, if you process data regarding your customers based on their consent, you will have to erase the data if they withdraw such consent.