Disclaimer: The contents of this guide and other related GDPR guides are for general information purposes only and do not constitute legal advice. We recommend talking with your lawyer, or seeking legal advice, about what your business needs to do to be compliant.
The EU General Data Protection Regulation (“GDPR”) came into effect on May 25, 2018, replacing the existing EU data protection law.
GDPR gives individuals control over how their personal information is stored and used by companies.
The GDPR is an excellent starting point when it comes to reviewing privacy and security practices. It’s only the beginning of a wider conversation and commitment.
If you collect, store or otherwise manage the personal information of individuals who live in the European Union, even if you don’t have an entity or presence in the EU, then the GDPR will apply to you.
Personal information is “any data relating to an identified or identifiable natural person”*. It includes information or references to an individual’s name, contact details, location and IP address. It also includes less obvious things such as personal opinions, as well as preferences or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Sensitive personal data is a special category of personal data. This includes information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation and health information.
* These requirements around processing personal information only apply to living persons.
It’s important to understand your role with the GDPR, as that determines what actions you need to take to be compliant. There are two key roles: Controllers and Processors.
To comply with GDPR, you will need to fulfil your obligations as a Controller:
To support you in being compliant as a Controller, we are developing the following functions in Intuto:
Under GDPR, there are specific rights that customers have regarding their personal data.
These are based around some key Data Protection Principles. Find out more about the Data Protection Principles.
Some key concepts from those principles are:
While Intuto is ensuring our systems and processes are compliant with GDPR, you have a responsibility as a Controller to make sure your business practices are also compliant. This includes the way you and your staff use Intuto.
For instance, if a staff member downloads or exports your customer list and contacts those clients directly, this would be viewed as a data privacy breach. The same would apply if you decided to share your customer list or your clients’ personal information with another provider without informing the individuals involved or seeking their consent.
We recommend talking with your lawyer, or seeking legal advice, about what your business needs to do to be compliant. Here are some things to think about:
While protecting our customers’ information has always been a high priority for us at Intuto, we have used this opportunity to review all of our systems and processes around collecting, storing and processing personal information.
In light of this, we have made the following changes:
These changes are the beginning of an ongoing conversation and commitment around privacy and security at Intuto.
If you are a business owner and need to export your data, permanently delete your account, or have any questions about GDPR, email firstname.lastname@example.org.