{"id":5869,"date":"2018-05-16T10:00:35","date_gmt":"2018-05-16T09:00:35","guid":{"rendered":"https:\/\/da-manager.com\/blog\/?p=5869"},"modified":"2022-11-28T11:12:20","modified_gmt":"2022-11-28T10:12:20","slug":"gdpr-who-what-and-how-can-you-comply","status":"publish","type":"post","link":"https:\/\/da-manager.com\/blog\/gdpr-who-what-and-how-can-you-comply\/","title":{"rendered":"GDPR: Who, What And How Can You Comply"},"content":{"rendered":"<p>The European Union is changing the way you access, process and delete personal data with businesses and EU residents inside and outside of the EU. The General Data Protection Regulation, or the GDPR, will take effect on May 25, 2018, and businesses that don\u2019t comply with the GDPR could face heavy fines.<\/p>\n<p><a href=\"https:\/\/blog.resellerclub.com\/gdpr-what-you-need-to-know\/\" target=\"_blank\" rel=\"noopener\">Reseller Club<\/a> shares <em>What You Need to Know<\/em> in this blog post.<\/p>\n<p>Here\u2019s a summary of everything you need to know about the GDPR. <\/p>\n<p><em>What is GDPR?<\/em><br \/>\n<em>What is personal data?<\/em><br \/>\n<em>What rights does the GDPR provide to individuals?<\/em><br \/>\n<em>Some responsibilities of the GDPR you should understand<\/em><br \/>\n<em>How does the GDPR affect your business?<\/em><br \/>\n<em>What do you need to do differently to comply with GDPR?<\/em><br \/>\n<em>What kind of Consent is required under the GDPR?<\/em><\/p>\n<p><strong>What is GDPR?<\/strong><br \/>\nGDPR is short for the General Data Protection Regulation that goes into effect on May 25, 2018. It was passed by the European lawmakers to create a harmonized data privacy law across all the EU member states. Its purpose is to:  <\/p>\n<p>Support privacy as a fundamental human right;<br \/>\nRequire companies that handle personal data to be accountable for managing that data appropriately, and give individuals rights over how their personal data is processed or otherwise used.<\/p>\n<p><strong>What is Personal Data?<\/strong><br \/>\nIn a nutshell, GDPR defines personal data as \u201cany information relating to an identified or identifiable natural person.\u201d<\/p>\n<p><em>Okay, so what does that mean?<\/em><\/p>\n<p>In addition to the kinds of information you might think about \u2013 name, address, email address, financial information, contact information, identification numbers, etc., personal data can in some cases be information related to your digital life, like an IP address, geolocation, browsing history, cookies, or other digital identifiers.<\/p>\n<p>It also could mean information about a person, including their physical, mental, social, economic or cultural identities.<\/p>\n<p>In short, if information can be traced back to or related in some way to an identifiable person, it is highly likely to be personal data.  <\/p>\n<p><strong>What rights does the GDPR provide to individuals?<\/strong><br \/>\nThere are several rights an individual may exercise under the GDPR, including:<\/p>\n<p><b><em>Right of access<\/em><\/b>: Individuals can ask for a copy of the personal data retained about them and an explanation of how it is being used<\/p>\n<p><b><em>Right to rectification<\/em><\/b>: Individuals have the right to correct, revise or remove any of the personal data retained about them at any time<\/p>\n<p><b><em>Right to be forgotten<\/em><\/b>: Individuals can ask to delete their personal data<\/p>\n<p><b><em>Right to restrict processing<\/em><\/b>: If an individual believes, for example, that their personal data is inaccurate or collected unlawfully, the individual may request limited use of their personal data<\/p>\n<p><b><em>Right of portability<\/em><\/b>: Individuals have the right to receive their personal data in a structured, commonly used and machine-readable format<\/p>\n<p><b><em>Right to object<\/em><\/b>: Where an individual decides that they no longer wish to allow their personal data to be included in analytics or to receive direct marketing emails or other personalized (targeted) marketing content at any time, the individual may opt out of the use of their data for these purposes<br \/>\nPlease note that these rights are not absolute, and limitations\/exceptions may apply in some cases.<\/p>\n<p><strong>Some responsibilities of the GDPR you should understand<\/strong><br \/>\nGenerally speaking, there are two types of parties that have a responsibility regarding the handling of data: the \u201ccontroller\u201d and the \u201cprocessor.\u201d It is important to determine whether you are acting as a controller or a processor and understand your responsibilities accordingly.<\/p>\n<p>A \u201cdata controller\u201d determines the purposes, conditions and means of the use of personal data.<\/p>\n<p>A \u201cdata processor\u201d on the other hand, only acts on the instructions of the \u201ccontroller\u201d and processes personal data on their behalf.<\/p>\n<p><em>So, what does this mean for you?<\/em><\/p>\n<p>As a reseller you are the controller in relation to your customer\u2019s data. Since ResellerClub acts as the Registrar on record, this also makes us a data controller.<\/p>\n<p>It is your responsibility to ensure that you have the necessary notices and\/or consents in place in order to transfer personal data to us for use.<\/p>\n<p><strong>How does the GDPR affect your business?<\/strong><br \/>\nIndividuals, companies, or businesses that have a presence in the EU or, if no presence, offer goods or services to, or monitor the behaviour of, individuals in the EU need to comply with this law. Please consult with your own legal counsel about whether GDPR applies to you and your business. <\/p>\n<p><strong>What do you need to do differently to comply with GDPR?<\/strong><br \/>\nIf the GDPR applies to you, there are various obligations you will need to comply with in order to continue doing business with your customers from the EU. Luckily, not all of these obligations are new, so you should be complying with some of them already.<\/p>\n<p><b><em>The most important differences in this context are as follows:<\/em><\/b><\/p>\n<p>More information about your use of personal data must be communicated to your customers. You should make sure that your privacy notices\/policies are updated to reflect the new requirements of the GDPR, including setting out the purposes of your processing personal data, how long you are retaining such data, and what legal basis for use of personal data are you relying on.<\/p>\n<p>You should determine the legal basis for your use of personal data: If you are relying on consent to use your customers\u2019 data you should ensure that the consent you have meets the new requirements of the GDPR (more details on this below). Please note that sending marketing emails or showing promotional content in any form to your customers may require, in certain circumstances, prior opt-in consent from them. As a reminder, you have already agreed through acceptance of our terms of service to lawfully obtain and process all personal data appropriately and have attested that you have permission to expose your customers to promotional content.<\/p>\n<p>You will also need to comply with the rights provided to individuals by the GDPR. See section above \u201cWhat rights does the GDPR provide to individuals?\u201d for details.<\/p>\n<p><strong>What kind of Consent is required under the GDPR?<\/strong><br \/>\nWhen in doubt, and you are relying on consent to market to your customers, express consent is typically your best option. You obtain and document express consent when you explicitly ask your potential customers for permission to send them emails and other marketing content, and they agree, and that agreement is recorded. <\/p>\n<p>There may be circumstances where you can rely on something similar to implied consent for sending emails or promotional content to customers even when subject to the GDPR. This is called a \u201csoft opt-in\u201d where you have obtained their contact details in the context of a sale of a product or service, you are sending emails and showing personalized ads relating to similar products or services the customer has the ability to opt-out of receiving such emails when they first provided their data when making a purchase and in every subsequent communication sent from you.<\/p>\n<p>You should consult with your legal counsel to determine whether you can rely on the soft opt-in going forward under the GDPR. If you have customers with soft opt-in consent, you can store them as implied consent, but you will need to maintain your own documentation about how you obtained that soft opt-in consent.<br \/>\nYour customers should also be given an easy way to withdraw their consent in order to comply with the GDPR.<\/p>\n<p><strong>\u00a0 \u00a0 \u00a0=========================================================<\/strong><\/p>\n<p><strong style=\"text-align:center\";>    Thanks for reading this post! Don&#8217;t just read and leave,<\/strong><\/p>\n<p><strong style=\"text-align:center\";>    please like, follow me,\u00a0and share with others too!!&#8230;<\/strong><\/p>\n<p><strong>\u00a0 \u00a0 =========================================================<\/strong>   <\/p>\n","protected":false},"excerpt":{"rendered":"<p>The European Union is changing the way you access, process and delete personal data with&#8230;<\/p>\n","protected":false},"author":1,"featured_media":5870,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","_mbp_gutenberg_autopost":false,"footnotes":""},"categories":[147],"tags":[227,231,188,148,276],"class_list":["post-5869","post","type-post","status-publish","format-standard","has-post-thumbnail","category-general","tag-blog","tag-business","tag-content-marketing","tag-digital-marketing","tag-security"],"modified_by":null,"_links":{"self":[{"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/posts\/5869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/comments?post=5869"}],"version-history":[{"count":0,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/posts\/5869\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/media\/5870"}],"wp:attachment":[{"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/media?parent=5869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/categories?post=5869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/tags?post=5869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}