Personal Data and General Confidentiality Agreement
HomepagePersonal Data and General Confidentiality Agreement
This policy is effective as of 27 May 2020.
The GDPR (General Data Protection Regulation (EU) No 2016/679 of the European Parliament and Council) is an important piece of legislation that is designed to strengthen and unify data protection laws within the European Union.
Hostgeber began to dedicate internal resources to the implementation of GDPR in its activities in September 2018. We did this because we value our customers (and their customers) rights to privacy. Compliance with and to international law and regulations are very important to us.
I’m new to the GDPR and would love more details on it
The GDPR is considered to be the most significant piece of European data protection legislation to be introduced in the European Union in 20 years and will replace the 1995 Data Protection Directive 95/46/EC.
The GDPR regulates the processing of personal data of individuals including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
The GDPR gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.
The GDPR enhances individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.
In summary, here are some of the key changes to come into effect with the upcoming GDPR:
Expanded rights for individuals: The GDPR provides expanded rights for individuals by granting them, amongst other things and subject to certain conditions, the right to be forgotten, the right to request a copy of any personal data stored in their regard, the right to request data portability.
Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
Increased enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. Also, the GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
If you have any questions, please don’t hesitate to contact us.