The General Data Protection Regulation (GDPR) is a wide-ranging European Union (EU) regulation designed to protect the privacy of individuals in the EU. It gives them control over how their personal data is processed, including how it’s collected, stored and used.
The GDPR affects every company in the world that processes personal data about people in the EU. The regulation applies to organisations located within the EU and organisations located outside the EU if they “offer goods or services to, or monitor the behaviour of, EU data subjects”.
The key points here are defining what constitutes personal data, and the business’s role as either a ‘processor’ or ‘controller’ of the data. Here are some definitions for those points:
Personal data: “Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.”
Controller: “The entity that determines the purposes, conditions and means of the processing of personal data.”
Processor: “An entity that processes personal data on behalf of the controller.”
In Total Synergy’s context, we’re a controller and processor for data we hold about our employees and customers. In our customers’ context, they are controllers of the data they choose to enter into Synergy. Total Synergy is the processor in that context.
Aside from the risk of penalty — worst case, organisations can be fined up to four percent of annual global turnover for breaching GDPR or €20 million, whichever is higher — GDPR gives control of personal data back to the people who own it. It makes data protection a core part of companies’ operations and processes. This is more likely to affect large, data-driven organisations first, but small businesses are not exempt.
Total Synergy is an Australian company. We have staff and customers in Europe. The GDPR has similarities with Australia’s Privacy Act 1988, so we already act with a ‘privacy by design’ approach. The GDPR goes further and we’ve made changes to comply. This means:
Total Synergy uses Microsoft Azure as its cloud platform. Our data is stored in the USA and backed-up in more than one geographic location in the USA. The transfer of data to these US data centres is GDPR qualified through Microsoft Azure’s compliance as a data processor. Read about this here.
Probably. We’re not lawyers and can’t offer legal advice, but there’s a chance you will have some data somewhere for an EU citizen or resident. Which means you need to be compliant. We recommend you contact your own legal counsel to find out how GDPR affects you.
The GDPR is a good thing. It’s designed to give all of us more control over the data companies collect about us, how we can find out what that is (right to access), in getting a response when asking for it to be removed or updated (right to rectification), in stopping certain data from being used (right to object), and having the data deleted (right to be forgotten).
Read the full text of the General Data Protection Regulation.
Ready for exclusive updates and exciting content? 🎉 Don’t miss out! Fill in the form below and join our newsletter community! 📧📝 Stay informed and inspired!