Making sure your data is protected, Juno Journey is GDPR compliance

What is GDPR, the EU’s new data protection law?

What types of data does the GDPR protect?

Personal data relating to an identified or identifiable data subject in the EU, including:

- Basic identity information such as name, address and ID numbers

- Web data such as location, IP address, cookie data and RFID tags

- Other personal information like health and genetic data, biometric data, racial or ethnic data, political opinions, and sexual orientation, provided that the personal information can be used to identify an EU data subject

Data protection principles

If you process data, you have to do so according to seven protection and accountability principles outlined in Article 5.1-2:

  1. Lawfulness, fairness and transparency - Processing must be lawful, fair, and transparent to the data subject.

  2. Purpose limitation - You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.

  3. Data minimization - You should collect and process only as much data as absolutely necessary for the purposes specified.

  4. Accuracy - You must keep personal data accurate and up to date.

  5. Storage limitation - You may only store personally identifying data for as long as necessary for the specified purpose.

  6. Integrity and confidentiality - Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).

  7. Accountability - The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.