Personal data is any information that can identify a living individual person, directly or indirectly. It can be anything from a name, a photo, a registration number, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Sensitive personal data consists of information on an individual which is of private nature and may lead to discrimination. GDPR provides stringent protections for sensitive data compared to other types of personal data. Sensitive data includes health and conviction, genetic and biometric data.
The GDPR stands for General Data Protection Regulation and is the new European Union Regulation that applies across the EU. It comes into effect on the 25th May 2018 and will bring in significant changes to current data protection laws in the European Union.
It applies to all companies processing and controlling the personal data of data subjects residing in the European Union, regardless of the company’s location.
GDPR will replace the existing data protection act, as data is now used very differently, for examples the use of the internet and social media has transformed how we interact with data. GDPR seeks to improve trust in this emerging digital age by giving people greater control and rights over their personal data.
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements.
A “Data Controller” is the individual or the legal person who controls and is responsible for the keeping and use of personal data on computer or on structure manual files. If you hold or process personal data, but do not exercise responsibility for or control over the personal data then you are a “Data Processor”.
While collecting data, the company has to make it clear the purpose it is doing so. Any activities performed with that data has to be described on the terms of the consent, which has to be accepted by the data subject will be the legal basis for any processing.
The consent must be explicit for data collected and the purposes data is used for (Article 7; defined in Article 4). Consent for children must be given by the child’s parent or custodian, and verifiable.
The new law will give individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by Dalata.
Dalata uses a range of third parties to provide services – either directly or indirectly. Where relevant these companies are required to comply with our data privacy and information security standards when handling personal data and we aim that they do not compromise your personal data information.
Dalata takes security responsibilities seriously, employing the most appropriate physical and technical measures, including staff training and awareness and we review these measures regularly.
Simply put, the right to be forgotten means that individuals will have a right to have their personal data erased, if there are no legitimate reason for you to keep it. For instance, if you process data regarding your customers based on their consent, you will have to erase the data if they withdraw such consent.
Dalata Hotel Group Facebook
Dalata Hotel Group LinkedIn
Dalata Hotel Group Twitter
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.