General data protection regulation - “GDPR”
This article provides an overview of Regulation (EU) 2016/679, commonly known as the General Data Protection Regulation (GDPR), which was adopted by the European Parliament and the Council on 27 April 2016. The primary objective of the GDPR is to safeguard the privacy of EU citizens and prevent data breaches in an increasingly data-driven global environment, thereby officially repealing the earlier Directive 95/46/EC. While the foundational principles of data privacy remain consistent with prior standards, the regulation introduces significant shifts in policy and enforcement. This document provides a detailed analysis of the core GDPR requirements and their specific impacts on modern business operations to ensure compliance with the current legal framework.
GDPR: Compliance and Impact
- Increased territorial scope
Extended jurisdiction represents one of the most significant shifts in the data privacy landscape. The GDPR applies to all organizations processing the personal data of individuals residing in the EU, regardless of the company’s physical location. This mandate covers any controller or processor, even those outside the Union, if their activities involve offering goods or services to EU residents or monitoring their behavior within the EU.
- Penalties
Compliance is maintained through a stringent, tiered penalty system that enforces accountability at all levels. For the most serious infringements, such as lacking sufficient customer consent, fines can reach up to €20 million or 4% of total annual global turnover. It is essential to note that these regulations apply strictly to both data controllers and processors, ensuring that cloud service providers are not exempt from enforcement.
- Consent
The conditions for obtaining consent have been significantly strengthened to ensure clarity and accessibility for all users. Organizations are no longer permitted to use complex, legalese-heavy terms; instead, consent requests must be provided in plain language with the specific purpose of processing attached. Furthermore, the regulation mandates that withdrawing consent must be as simple and straightforward as the initial process of providing it.
- Data subject rights
Expanded data subject rights are central to the GDPR’s goal of increasing transparency and individual empowerment. The Right to Access allows individuals to confirm whether their data is being processed and obtain a free electronic copy, while the Right to be Forgotten entitles them to have their data erased when it is no longer relevant. Additionally, Data Portability enables users to easily receive and transmit their personal information between different controllers.
- Privacy by design
Privacy by Design has transitioned from a general concept to a mandatory legal requirement under the new framework. This principle calls for robust data protection and minimization measures from the outset of system development. Controllers must retain and process only the data necessary for their specific duties, and strictly limit access to personal data to authorized personnel.
- Data protection officers
While routine notifications to local authorities are no longer required, organizations must maintain detailed internal records and, in certain cases, appoint a Data Protection Officer (DPO). A DPO is mandatory for entities engaged in large-scale, systematic monitoring or processing of sensitive data categories. This officer must be appointed based on expert knowledge, report directly to top management, and operate without any conflicts of interest.
Wooxy and GDPR
The Right to be Informed: transparency is maintained regarding the use of personal data, which is processed solely for the purposes declared in the Terms of Use and within the scope of documented instructions provided by the Client.
The Right of Access: clear information is provided about the data collected and its subsequent use, with further details available in the Privacy Policy.
The Right of Rectification: personal information can be rectified at any time through account settings or by contacting the support team directly to request specific edits.
The Right to Erasure: accounts may be removed without providing a specific reason. Upon request, all associated data is erased within 30 days. Furthermore, individual contacts can be removed from lists to fulfill their right to be forgotten. If a contact submits a valid request directly to the service provider, the Client is notified, and the data is removed.
The Right to Restrict Processing: measures can be taken to block or suppress the processing of specific contact data within the account lists. Valid requests sent directly by contacts trigger a notification to the Client and the immediate suspension of processing for that individual.
The Right to Data Portability: contact information is available for export as a CSV file at any time. Additionally, a full data export can be provided upon request.
The Right to Object: the option to unsubscribe from any specific use of information is available at any time. This includes the right for individuals to object to the use of their personal data for direct marketing, research, or tasks performed in the public interest.