GDPR Policy

The European Union General Data Protection Regulation “EU General Data Protection Regulation” (GDPR) is the most important change in the field of data security in the last 20 years. The law, which was approved by the European Parliament on 14 June 2016, has an implementation date of 25 May 2018, and regulations have been introduced within the framework of the adjustment law.

The GDPR has replaced the Directive 95/46 / EC of the European Parliament and the Council of Europe on Processing and Free Movement of Personal Data. Its main purpose is to ensure that organizations have an effective privacy security approach as they reshape in compliance with the European Union citizens in order to ensure data security.

What is GDPR compliance? Who does GDPR apply to?

Article 3 of the GDPR is about Territorial Scope. In the second paragraph of the Article;

“Even if a company established outside the EU does not rely on any payment, offering products and services to a real person (data subject) living in the EU or monitoring the behavior of a real person in the EU are sufficient indicators that that company is subject to GDPR.”

If it is necessary to interpret the relevant law article; For example, if you offer services and products in one of the languages spoken in the EU on your company’s website (Extended Regional Scope-Increased Territorial Scope), you are covered by the GDPR if you collect information from a contact page and offer them a price list in European currencies. Also on a website or by different methods; For example, identifying people’s information with web cookies (cookies), creating profiles, finding their habits, and obtaining IP addresses are also considered within this scope. On the other hand, if you are carrying out import, export and any business activity with EU member states, you must comply with the GDPR.

•GDPR compliance – Any organization abiding by the rules and regulations set by the European Union (EU) on data protection of individuals are said to be GDPR compliant.

•GDPR applies to any organization processing the personal data of a E.U. citizen within the EEA (European Economic Area) and globally. There are a set of guidelines for organizations to follow in this regard.

•EU has released the regulation copy for the public on 27th of April 2016. The articles in this copy act as the base for implementing GDPR.

•There are XI chapters and 99 articles in GDPR. All companies in the EEA were required to be compliant with GDPR by 25 May 2018. There are areas which define how GDPR is applicable to small scale sectors and also on outsourcing EU citizen data out of the EEA region.

What is EdgeUno doing for GDPR compliance?

-Risk assessment and establishment of organizational controls,

-Determination of data flows and preparation of data inventory,

-Defining legal responsibilities,

-Taking all necessary measures regarding data protection processes and establishing an end-to-end data security infrastructure,

-DPO (Data Protection Officer) appointment,

-Updating existing policies and procedures,

-Reviewing communication processes in marketing and social media

For additional information please go to the link below:

https://ec.europa.eu/info/law/law-topic/data-protection/eu-data-protection-rules_en

For more information please write to legal@edgeuno.com