GDPR or General Data Protection Regulation is more like fundamental rights of the citizen living in EU that specify how customers data can be used and protected. The primary objective is to give citizens back control of their personal data.
PERSONAL DATA :
Sensitive data?—?genetic and biometric data;
Basic identity information such as email, address, and ID numbers
Web data such as location, IP address, cookies data, and RFID tags
Health, genetic, and biometric data
Racial or ethnic data
GDPR applies to all the organizations that are registered in EU or have an establishment or subsidiary in EU. It also applies to an organization which sells goods or services to citizens of the EU and process or monitor the personal data of EU residents.
General Data Protection Regulation (GDPR) is effective from the 25th May 2018. Introduced by the EU but applicable globally it affects what, how, why, where, and when personal data is used and processed. Grund is committed to protecting users right to data privacy and protection. We do not collect and process users personal information beyond what is required for the fundamental functioning of our products. GDPR helps us to assure the highest standards of operations for protecting personal data.
OBLIGATIONS AND INITIATIVES
As a data processor, grund.space understands its obligation to protect any data that we use or hold. We have thoroughly analyzed GDPR requirements and have put in place a dedicated internal team. To ensure our compliance and uphold the highest possible standards for data protection we are carrying out the following initiatives:
Identifying personal data – Data maps have been created to visualise how we use and hold data within the systems that we operate. When a user sets up an account they trust us with their personal data. We do not store or handle personal data for visitors to publishers websites.
Transparency – A key aspect of GDPR is how the collected data is used. As a data processor, grund.space’s key role is to provide our customers (the data controllers) with the access to effectively manage and protect their user data. grund.space is committed to transparency throughout our business and we provide as much transparency as possible to our customers.
HOW HAS grund.space ENSURED THEY ARE GDPR READY
We have allocated a data privacy team to oversee GDPR activities and look for ways in which we can improve. We have carried out a thorough security and privacy review which will be maintained and updated at regular intervals. We have mapped our internal data flows and assessed the risk that each carries and what can be done to mitigate the risk involved. Our data storage systems have been assessed and updated to ensure their compliance with GDPR regulations. We have setup a formal work flow to respond to data subjects when they exercise their rights. We have carried out a PIA (Privacy Impact Assessment) and updated our business continuity plan and threat assessments.
WHAT DOES THIS MEAN FOR GRUND.SPACE USERS?
The GRUND.SPACE network is built for our users and without them we would not have an ecosystem in which to operate. It is critical that users feel that they can trust us with their data and we do everything possible to ensure their data is protected and not misused.
As an individual user you have the following rights:
The right to be informed -This right provides the data subject with the ability to ask a company for information about what personal data (about him or her) is being processed and the rationale for such processing.
The right of access- GDPR brings the right for Data Subjects to get information about how, where and for what purpose their personal data is being processed.
The Rights to be notified – Transparency and choice are two cornerstones of the GDPR regulation. At the outset of any request for data, businesses must be as clear as possible on how they will process data, who will process it, and where it could end up.The regulation lays out an extensive outline over communications with data subjects in varying areas such as third party legitimate interests and data subject rights. Individuals should be able to contact the data controller with any queries they may have.
The right to rectification – This right provides the data subject with the ability to ask for modifications to his or her personal data in case the data subject believes that this personal data is not up to date or accurate.
The right to erasure OR Right to be Forgotten- Also known as Data Erasure, the right to be forgotten entitles the Data Subject to have his/her personal data deleted from the logs of Data Controllers. The right to be forgotten also enables them to halt or cease further distribution and use of the data by third parties.
The right to restrict processing – The data subject shall have the right to obtain from the controller restriction of processing his personal data;
The right to data portability – The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
The right to object – The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
If you have any concerns or queries relating to data privacy, please do not hesitate to contact us at firstname.lastname@example.org