GDPR is the toughest privacy and security law in the world and has been in effect since 25th May 2018.
GDPR applies to any organisation operating within the EU, as well as organisations outside of the EU which offer goods or services to customers or businesses in the EU.
GDPR is a regulation and not a directive. It is legally binding and cannot be opted out of or ignored. Fines of up to €20 million or 4% of your company’s global turnover can be levied if the regulation is ignored.
GDPR has been put in place to provide EU citizens control over their personal data, ensuring the storage and handling is:
Personal data is information that identifies someone personally and tells you something about them, such as their name, place of work, personal / work email address and / or their home address.
A Data Transfer Agreement (DTA) is an agreement established between organisations that governs the transfer of data from the owner / provider to a third party.
An example is the data transferred from a lead-generating product: both parties become joint controllers of the data. There is a legal obligation to set out your responsibilities in a joint control arrangement (the DTA).
DTAs set out the purpose of the data sharing, cover what happens to the data at each stage, set standards and help all parties be clear about their roles and responsibilities.