General Data Protection Regulation (GDPR)
What is GDPR?
The General Data Protection Regulation, or "GDPR" for short, is a regulation issued by the European Union on May 25, 2018, which is formerly known as the Computer Data Protection Act enacted by the EU in 1995. The GDPR was created to provide data subjects with more control over their personal information and to help ensure that their personal information is adequately protected when it is collected, stored and processed by companies. Any company operating business in the EU must comply with the rules and regulations set forth in the GDPR, otherwise, the company will face significant fines.
The goal of the GDPR is to allow EU citizens to protect their personal information better.
What is the personal information regulated under the GDPR?
GDPR protects personal information, including IP addresses, genetic information and biometric data (fingerprints, facial recognition data, etc.).
The official definition of personal information:
"Any information related to an identified or identifiable natural person (data subject). An identifiable natural person is a person who can be identified directly or indirectly by name, ID number, location data, online identifiers, etc., or by identifying the physical, physiological, genetic, psychological, economic, cultural or social identity information of that natural person."
Why is GDPR important?
The GDPR regulation has an extremely broad scope of application and any institutional organization that collects, transfers, retains or processes personal information involving any EU member state is subject to the regulation. For example, to a company which does not belong to any EU member state (including free services), as long as it meets one of the following two conditions, the GDPR applies:
- (1) Collect and process information from identifiable natural persons in the EU for the purpose of providing goods and services to them.
- (2) Collect and process information from identifiable natural persons in the EU for the purpose of monitoring their activities.
Failure to comply with the GDPR guidelines will be costly. Fines for companies that violate the regulation can be up to €20 million (approximately RMB 150 million) or 4% of their global turnover, whichever is higher.
What does it mean for B2B organizations to comply with GDPR?
For a company compliant to the GDPR, it must be adhered to the following principles:
- Data must be processed in a legal, fair and transparent manner
- Data can only be collected for specific, explicit and legitimate purposes
- The scope of the data must be adequate, relevant and limited to what is necessary
- Data must be accurate and up-to-date
- Data can only be retained within the absolutely necessary period of time
- Data must be processed in a manner that ensures the appropriate security of personal information
How does AroundDeal comply with GDPR?
AroundDeal is committed to protect the personal information of EU employees, contractors, customers and suppliers wherever data is processed. AroundDeal has a robust security program and a series of established internal policies, procedures and practices to ensure that personal information of data subjects is properly processed and protected in our information system.
To comply with the GDPR, AroundDeal has conducted a legitimate interest assessment, recorded as follows:
(1) Data Processing
AroundDeal has a legitimate interest in processing personal information relating to decision makers and budget holders of organizations within the European Union. These data are collected from public sources, directly from the companies concerned, or with the assurance that consent of the data subject has been obtained (where required).
(2) Legitimate business targets
AroundDeal ensures that the data is collected for legitimate business reasons and that the processing is necessary in order to provide data to customers of AroundDeal’s global database for business-to-business marketing purpose. Article 47 of the GDPR states that direct marketing is a legitimate use of personal information.
(3) Reasonable Expectations
The data collected and processed by AroundDeal relates to data subjects who are contacts or business persons of the companies concerned.
AroundDeal collects data limited to the name, title, nationality, telephone number, business email address, skills, previous working history, name, industry, number of employees, business scope, establishment date, and location of the entities they work for, and any other information or material that can reasonably be expected to be relevant to their professional role. If the person is no longer in the relevant role, their name and contact information will be removed from the database.
(4) Opt out
If a data subject requests their information to be removed from the database, such information is blocked and cannot be accessed or added again in the future.
(5) Valuable Services
a. AroundDeal provides valuable service to B2B-company marketers by providing accurate, regularly updated and targeted data. In the absence of a global database or similar high-quality service providers, corporate marketers have to rely on limited, inaccurate and outdated data to meet their marketing demands, which will adversely affect their business and broader success.
b. Data must be collected for specific, explicit and legitimate purposes and must not be further processed in a manner inconsistent with those purposes; further processing for public interest, scientific or historical research purpose, or statistical purpose shall not be deemed inconsistent with the original purpose. AroundDeal collects data solely for the purpose of compiling a database of business contacts for customers’ use in business-to-business marketing.
c. Data must be sufficient, relevant and limited to what is necessary for the purpose of processing. The data collected by AroundDeal is limited to the name, title, nationality, telephone number, business email address, skills, previous working history of the related company contacts, the name, industry, number of employees, business scope, establishment date, and location of the entities they work for, and any other information or material that can reasonably be expected to be relevant to their professional role.
d. Data must be accurate and, where necessary, kept up-to-date. AroundDeal shall take all reasonable steps to ensure that inaccurate personal information is deleted or corrected immediately after concerning the purpose of processing.
e. Data must be stored in a form which allows the identification of the data subject for a period of time no longer than that is necessary for AroundDeal to process or use such personal information. If personal information is processed only for public interest, for scientific or historical research, for statistical purpose, or for recording, such data may be stored for a longer period of time. AroundDeal will use appropriate technologies and measures to safeguard the rights and freedoms of the data subject in accordance with the requirements of the GDPR.
f. Data must be processed in an appropriate and reasonable manner, including the use of appropriate technology or measures to prevent any unauthorized or unlawful form of data processing, as well as accidental loss, destruction or damage to data. Data shall be provided only to companies which provide legitimate business and services related to the professional role of the data subject. AroundDeal guarantees a strictly secure environment for data operations.
g. Data subject ("you") has the right to view, correct, restrict access to, or delete his or her personal information, details are as follows:
- - Access:
You may request access to your personal information and obtain a copy of the personal information processed by AroundDeal. If you request to know what personal information we are processing, we will provide you with the following information for free: the purpose of processing; the categories of the personal information processed; the recipients of the personal information; the time period for which the personal information is stored; your privacy rights; and information about data transfers. Such requests can be sent to us through firstname.lastname@example.org with a copy of your relevant details.
- - Right to rectify:
You can send a request to us through email@example.com and provide a copy of your relevant details to request changes, updates or completion of any missing data about you which we are processing. Please note that we may correct, supplement or delete incomplete or inaccurate information at any time at our sole discretion.
- - Right to delete:
You may withdraw your consent to our processing your personal information at any time. In such cases, we will delete your data if we have no reasonable grounds for continuing to process your personal information (e.g., to comply with our legal obligations, resolve disputes, enforce our agreements, etc.), and if your personal information is no longer required for the purposes for which it was originally collected. Such withdrawal of consent shall be sent to us at firstname.lastname@example.org, with a copy of your relevant details.
- - Right to restrict processing:
You may request that we restrict the processing of your personal information if one of the following circumstances applies: (i) you challenge the accuracy of the personal information; (ii) the processing is illegal; or (iii) if we no longer need the personal information. Such requests can be sent to us at email@example.com, with a copy of your relevant details.
- - Data portability rights:
You have the right to receive personal information in a structured, commonly used and machine-readable format. Such requests can be sent to us at firstname.lastname@example.org with a copy of your relevant details.
Find Leads in 1 Click
✔ GDPR aligned & CCPA compliant✔ Cancel anytime