{"id":9572,"date":"2021-06-08T15:20:37","date_gmt":"2021-06-08T12:20:37","guid":{"rendered":"https:\/\/snov.io\/knowledgebase\/?p=9572"},"modified":"2021-06-09T08:36:55","modified_gmt":"2021-06-09T05:36:55","slug":"what-is-the-gdpr","status":"publish","type":"post","link":"https:\/\/snov.io\/knowledgebase\/what-is-the-gdpr\/","title":{"rendered":"What is the GDPR?"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">The GDPR (General Data Protection Regulation) is a current privacy law adopted by the European Union. It has been in effect since May 25, 2018. Its purpose is to ensure the protection of the privacy and personal data rights of individuals who are EU citizens, also defined as <\/span><b>data subjects<\/b><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><b>Personal data<\/b><span style=\"font-weight: 400;\">, or personally identifying data, is a very important term under the GDPR. It means any information relating to an individual by which they can be directly or indirectly identified. 
For example, personal data includes the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">names<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">email addresses<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">information regarding the person\u2019s location<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ethnicity<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">gender<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">web cookies<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">political opinions, etc.\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Under the GDPR, any piece of data that makes it possible to identify a particular person is personal data. Pseudonymised data can also constitute personal data if it allows an individual to be identified without much difficulty.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The GDPR applies to every company registered within the EU and to any company that processes EU residents\u2019 personal data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are two main roles for a company under the GDPR. These are the <\/span><b>data controller<\/b><span style=\"font-weight: 400;\"> and <\/span><b>data processor<\/b><span style=\"font-weight: 400;\">. The data controller decides why and how personal data will be processed. 
The data processor is a person (a legal entity or an individual) that processes personal data on behalf of a data controller.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Article 5<\/span><span style=\"font-weight: 400;\"> of the GDPR defines seven principles for the protection and accountability of personal data:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Lawfulness, fairness, and transparency:<\/span><span style=\"font-weight: 400;\"> processing must be lawful, fair, and transparent (understandable) to the data subject.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Purpose limitation:<\/span><span style=\"font-weight: 400;\"> a company must process data for legitimate purposes and explicitly notify the data subject when such data is collected.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Data minimization:<\/span><span style=\"font-weight: 400;\"> a company should collect and process only as much data as is absolutely necessary for the purposes of personal data processing.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Accuracy:<\/span><span style=\"font-weight: 400;\"> a company must keep personal data accurate and up to date.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Storage limitation:<\/span><span style=\"font-weight: 400;\"> a company may only store personal data for as long as necessary for the purposes of personal data processing.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Integrity and confidentiality:<\/span><span style=\"font-weight: 400;\"> personal data must be processed in a way that ensures appropriate security, integrity, and confidentiality of personal data.<\/span><\/li>\n<li style=\"font-weight: 400;\" 
aria-level=\"1\"><span style=\"font-weight: 400;\">Accountability:<\/span><span style=\"font-weight: 400;\"> a data controller must be able to demonstrate compliance with all of the GDPR principles to a competent data protection authority.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">If a company fails to comply with the GDPR, a competent data protection authority may either fine the company or take administrative measures against it.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Administrative measures are described in <\/span><a href=\"https:\/\/gdprhub.eu\/index.php?title=Article_58_GDPR\" rel=\"nofollow\"><span style=\"font-weight: 400;\">Article 58<\/span><\/a><span style=\"font-weight: 400;\"> of the GDPR. For example, they include issuing warnings and reprimands to a company or ordering the company to comply with the request of the data subject. Fines for failure to comply with the GDPR provisions are high:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">for significant violations, either 4% of annual global turnover or up to \u20ac20 million;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">for other violations, either 2% of annual global turnover or up to \u20ac10 million.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">If you have any other questions about the Snov.io platform, don\u2019t hesitate to contact us at <\/span><a href=\"mailto:help@snov.io\"><span style=\"font-weight: 400;\">help@snov.io<\/span><\/a><span style=\"font-weight: 400;\"> or via live chat.\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GDPR (General Data Protection Regulation) is a current privacy law adopted by the European Union. GDPR is effective from May 25, 2018. 
Its purpose is to ensure the protection of the privacy and personal data rights of individuals who are EU citizens, also defined as data subjects.\u00a0 Personal data, or personally identifying data is a [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[620],"tags":[],"_links":{"self":[{"href":"https:\/\/snov.io\/knowledgebase\/wp-json\/wp\/v2\/posts\/9572"}],"collection":[{"href":"https:\/\/snov.io\/knowledgebase\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/snov.io\/knowledgebase\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/snov.io\/knowledgebase\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/snov.io\/knowledgebase\/wp-json\/wp\/v2\/comments?post=9572"}],"version-history":[{"count":0,"href":"https:\/\/snov.io\/knowledgebase\/wp-json\/wp\/v2\/posts\/9572\/revisions"}],"wp:attachment":[{"href":"https:\/\/snov.io\/knowledgebase\/wp-json\/wp\/v2\/media?parent=9572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/snov.io\/knowledgebase\/wp-json\/wp\/v2\/categories?post=9572"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/snov.io\/knowledgebase\/wp-json\/wp\/v2\/tags?post=9572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}