ASPE Privacy Policy
Effective December 1, 2018
Overview
The General Data Protection Regulation (GDPR) European Union (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to provide control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation with the EU.
Superseding the Data Protection Directive, the regulation contains provision and requirements pertaining to the processing of personally identifiable information of data subjects inside the EU. Business processes that handle personal data must be built with privacy by design and by default, indicating that data must be stored using pseudonymization or full anonymization, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is performed under a lawful basis specified by regulation, or if the data controller or processor has received explicit, opt-in consent from the data’s owner. The business must allow this permission to be withdrawn at any time.
A processor of personal data must clearly disclose what data is being collected and how, why it is being processed, how long it is being retained, and if it is being shared with any third-parties. Users have the right to request a portable copy of the data collected by a processor in a common format, and the right to have their data erased under certain circumstances. Public authorities, and businesses whose core activities center around regular or systematic processing of personal data, are required to employ a data protection officer (DPO), who is responsible for managing compliance with the GDPR. Businesses must report any data breaches within 72 hours if they have an adverse effect on user privacy.
To view ASPE’s Privacy Policy, including GDPR compliance, please ---- Learn More ---
|