The goal of GDPR is to give EU citizens more control over their personal data.
The General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679] is one of the most recent data privacy regulation jointly proposed by the European Parliament, the Council of the European Union and European Commission, aiming to “strengthen and unify” data protection laws for individuals within the European Union. The new regulation plans to replace the old Data Protection Directive [95/46/EC], which has been effective from 1995. The last date of implementation for EU Member States is 25th May, 2018.
The GDPR protects personal data including IP addresses, genetic information, and biometric data (fingerprints, facial recognition data, etc.). Its official definition of personal data reads as follows:
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
GDPR is important because it likely affects many people more than they realize. The safest assumption to make is that GDPR affects your company in at least some capacity, especially if you work for a company established in the EU, a company that sells to people within the EU, or a company that monitors the actions of citizens of the EU regardless of where your headquarters is or where you send marketing emails from.
Failure to adhere to GDPR guidelines can be expensive. The highest amount a single company could pay is 4% of their global annual turnover or 20 million euros, whichever is higher. Lower-tiered fines apply to lower-level penalties and can be the equivalent of 2% of global turnover or 10 million euros.
For a company to be GDPR compliant it must abide by these principles:
To comply with GDPR, AroundDeal carried out a LEGITIMATE INTERESTS ASSESSMENT which is documented below:
AroundDeal has a legitimate interest to process personal data relating to the decision makers and budget holders in organisations within the EU. The data is gathered from publicly available sources as well as directly from the companies concerned.
The processing is necessary in order to supply Global Database’s clients with data for business-to-business marketing purposes; a lawful business objective specifically identified by the Privacy and Electronic Communications Regulations 2003 (PECR). Recital 47 of the GDPR identifies direct marketing as a legitimate use of personal information.
The data subjects are senior business people with decision making and budgetary responsibilities and can reasonably expect to be contacted with marketing material relating to their professional roles.
The data collected is limited to names of senior managers and directors, their job titles, company name, nationality, and phone and business email. If a person leaves their role, their name and contact details are deleted from the database
If a data subject requests that their data is removed from the database, it is suppressed so that it cannot be accessed or added again at a later date.
a. In supplying accurate, regularly updated and targeted data, AroundDeal provides a valuable service to business-to-business marketers. In the absence of Global Database and similar high quality service providers, corporate marketers would have to rely on limited, inaccurate and out-of-date data for their marketing needs, which would have a detrimental effect on the success of their businesses and the wider economy.
b. Data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
Data is collected solely for the purpose of compiling a database of business contacts to be used by AroundDeal 's clients for business-to-business marketing.
c. Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The data collected is limited to names of senior managers and directors, their job titles, company name, nationality, telephone numbers and business email addresses.
d. Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
AroundDeal shall make every effort and diligence to ensure that these data are accurate and up-to-date. In any case, the person is entitled to rectification.
e. Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
If a person leaves their role, their name and contact details are deleted from the database. However, the information may still be used for suppression purposes i.e. to ensure that it cannot be added to the database again.
f. Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Data is only provided to companies offering legitimate business services that are relevant to the professional role of the data subject. AroundDeal operates a rigorous data security environment.
g. Individuals have the right to see, correct, restrict access to or remove their personal information.
You may request to access your Personal Information and obtain a copy of Personal Information which is being processed by AroundDeal. In the event that you request to know what Personal Information is being processed by us, we will provide you with the following information free of charge: purposes of processing; categories of Personal Information processed; recipient(s) of Personal Information; length of time during which the Personal Information will be stored; your privacy rights; and information on data transfers. Such requests will be made by sending a request to firstname.lastname@example.org, please make sure to provide your relevant details.
You may request to change, update or complete any missing data we process about you, by sending an email to email@example.com with you relevant details. Please note that we may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
You may at any time withdraw your consent to our processing of your Personal Information. In this case, if there is no overriding legitimate interest for continuing the processing of your Personal Information (e.g. to comply with our legal obligations, resolve disputes, enforce our agreements, etc.) and the Personal Information is no longer necessary in relation to the purpose for which it was originally collected, we will erase your data. Such withdrawal of consent will be made by sending an email to firstname.lastname@example.org with your relevant details.
You may request us to restrict processing of your Personal Information if one of the following applies: (i) the accuracy of the Personal Information is contested by you; (ii) the processing is unlawful; or (iii) if we no longer need the Personal Information. Such request will be made by sending an email with the relevant details to email@example.com.
You have the right to receive the Personal Information in a structured, commonly used and machine-readable format. Such request will be made by sending an email with your relevant details to firstname.lastname@example.org
If you are not satisfied with our response or believe we are collecting or processing your Personal Information not in accordance with the laws, you can complain to the applicable data protection authority.