Posted on: 2018-02-23
Last updated: 2018-02-23
About GDPR
Confused about the new General Data Protection Regulation? We have everything you need to know about this law when it comes to creating your GDPR-compliant online surveys.
What is the GDPR?
The GDPR (General Data Protection Regulation) is a new comprehensive data protection law (in effect May 25, 2018) in the European Union that aims to make protection of personal data much stronger. We are living in an era of rapid technological developments, expanding globalization, and more complex international flows of personal data, especially in the digital world.
GDPR tries to update and replace the mixture of the current national data protection laws with a single set of rules, directly enforceable in each EU member state.
What does the GDPR regulate?
The GDPR regulates the “processing” of data for citizens of EU countries. This includes collection, storage, transfer, or use of data. Any organization that processes personal data of EU individuals is within the scope of the law. SurveyLegend is already located in Sweden, which is part of the EU. However, according to this law, it does not matter whether the organization has a physical presence in the EU or not. GDPR defines the notion of “personal data” very broadly: it covers any information relating to an identified or identifiable individual (also called a “data subject”).
How does GDPR change privacy law?
The key changes are the following: expanded data privacy rights for EU individuals, data breach notification and added security requirements for organizations, as well as customer profiling and monitoring requirements. GDPR also includes Binding Corporate Rules for organizations to legalize transfers of personal data outside the EU, and a 4% global revenue fine for organizations that fail to adhere to the compliance obligations. Overall, the new regulation provides a central point of enforcement by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
Does the GDPR require EU personal data to stay in the EU?
No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU. However, the good point is that SurveyLegend already stores both customers’ and respondents’ data on servers located inside the EU.