What is GDPR?

The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It will come into force on 25th May 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.

The full text of the GDPR can be found here.

Full GDPR Regulations

What was the story before GDPR?

You’re likely hearing a lot about the GDPR, but did you know we’ve had data protection legislation in the EU for quite a while already? Although the 1995 EU Data Protection Directive will be replaced by the GDPR next May, the Directive sets out the eight data protection principles which have been governing the treatment of personal data by organizations for over two decades! Since the GDPR builds on and enhances these principles, we recommend you familiarise yourself with the current laws before you dive into the changes under the GDPR.

If you want to read more about the 1995 Directive and eight original data protection principles, please scroll down to our FAQ section to learn more.

View FAQ

Does GDPR apply to me?

While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU residents, the GDPR will apply to you.

Questions

Disclaimer

This website and the materials available on the website are for informational purposes only and not for the purpose of providing legal advice.   This website is neither a magnum opus on EU data privacy nor legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand how CampMinder has addressed some important legal points. You should contact your attorney to obtain advice with respect to any particular issue or problem, including GDPR and nay privacy questions.  This information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this paper as legal advice, nor as a recommendation of any particular legal understanding. Use of and access to this website or any links contained within the website do not create an attorney-client relationship between CampMinder and the user or browser.

The most important changes under the GDPR

The regulation also builds in two new rights for data subjects: a “right to be forgotten” that requires controllers to alert downstream recipients of deletion requests and a “right to data portability” that allows data subjects to demand a copy of their data in a common format. These two rights will now make it easier for users to request that any information stored should be deleted or that information that has been collected should be shared with them.

Data subjects always had a right to request access to their data. But the GDPR enhances these rights. In most cases, you will not be able to charge for processing an access request, unless you can demonstrate that the cost will be excessive. The timescale for processing an access request will also drop to a 30 day period. In certain cases, organisations may refuse to grant an access request, for example where the request is deemed manifestly unfounded or excessive. However, organisations will need to have clear refusal policies and procedures in place, and demonstrate why the request meets these criteria.

The changes within CampMinder

CampMinder is focused on GDPR compliance efforts to make sure that we handle customer data in compliance with applicable laws by the 2018 deadline.  We have updated our privacy policy, terms of service, and processes and procedures to ensure that we comply with GDPR.

Questions? Give us a shout!