GDPR – General Data Protection Regulation May 25 2018

GDPR is the most transformative piece of legislative reform pertaining to the privacy of EU citizens. GDPR replaces the Data Protection Directive and is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to define how organizations approach data privacy.


Summary of Key Changes

Increase in Extra-Territorial Scope and Applicability

Jurisdiction of GDPR, as it applies to processing the personal data of data subjects residing in the Union, has been extended to all companies handling and processing data of EU citizens, regardless of the company’s location.

Easy to Opt-in and Opt-out

Companies can no longer use long illegible terms and conditions full of legalese to trick EU citizens. Requests for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. And it must be as easy to withdraw consent as it is to give it. No more gimmicks. No more games.

Strict Financial Penalties

Organizations in breach of GDPR can be fined the greater of 4% of annual global turnover or €20 million for the most serious infringements.

Breach Notification

Notification of any breach in which EU customer data has been potentially compromised and which is likely to “result in a risk for the rights and freedoms of individuals” will become mandatory in all member states. Unlike the case with the Equifax breach, citizens must be notified within 72 hours of the company first having been made aware of the breach.

Right to Personal Information

EU citizens have the right to obtain information from the data controller on how their personal data is being processed, where and for what purpose. The company will also provide, upon request, a copy of the citizen’s personal data, free of charge, in an electronic format. This change is a dramatic shift towards data transparency and citizen empowerment.

Right to be Erased

EU citizens can exercise their right to have their personal data erased, prevent it from further dissemination, and potentially have third parties halt processing of their data.

Data Portability

GDPR introduces data portability – the right of an EU citizen to receive their personal data in electronic format, without a fee, and transmit that to another controller.

Privacy By Design

At its core, privacy by design calls for the inclusion of data protection from the onset of system architecture and design. This makes privacy core to the design of the system rather than an afterthought or an addition. Data minimization also calls for data controllers to hold and process only the data that’s absolutely necessary to render their duties, as well as limiting access to personal data to those associated with the processing.

How It Impacts Us

Beantown Beacons captures personal information of attendees at events and conferences. We have a clear opt-in privacy policy regarding the information being captured and its intended purpose. We use this information to offer attendees a better on-site experience, such as automated check-ins, personalized content and offers, and other location-aware services. Attendee behavioral data is shared with Event Organizers and Exhibitors based on scope.

Since we host events in the EU, this directive very much impacts our business and our stakeholders. Over the next few months we will be performing a thorough review of our privacy policies to ensure compliance with GDPR.
