GDPR Compliance
What is GDPR, the EU's new data protection law?
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.
With the GDPR, Europe is signaling its firm stance on data privacy and security at a time when more people are entrusting their personal data with cloud services and breaches are a daily occurrence. The regulation itself is large, far-reaching, and fairly light on specifics, making GDPR compliance a daunting prospect, particularly for small and medium-sized enterprises (SMEs).
What types of data does the GDPR protect?
Personal data relating to an identified or identifiable data subject in the EU, including:
- Basic identity information such as name, address, and ID numbers
- Web data such as location, IP address, cookie data, and RFID tags
- Other personal information like health and genetic data, biometric data, racial or ethnic data, political opinions, and sexual orientation, provided that the personal information can be used to identify an EU data subject
Our Data Processing Addendum ("DPA")
When applicable (i.e. when you use our service as an enterprise user), you will be subject to our Terms of Service, our Privacy Policy, and our DPA.
Data protection principles
If you process data, you have to do so according to seven protection and accountability principles outlined in Article 5.1-2:
Lawfulness, fairness, and transparency
Processing must be lawful, fair, and transparent to the data subject.
Purpose limitation
You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
Data minimization
You should collect and process only as much data as absolutely necessary for the purposes specified.
Accuracy
You must keep personal data accurate and up to date.
Storage limitation
You may only store personally identifying data for as long as necessary for the specified purpose.
Integrity and confidentiality
Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
Accountability
The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
Questions about GDPR compliance?
If you have questions about how Juno Journey ensures GDPR compliance or need assistance with your data protection requirements, please contact our privacy team.