What is GDPR?
The General Data Protection Regulation (“GDPR”) is a new, EU-wide privacy and data protection law. It calls for more granular privacy guardrails in an organization’s systems, more nuanced data protection agreements, and more consumer-friendly and detailed disclosures about an organization’s privacy and data protection practices.
The GDPR replaces the EU’s current data protection legal framework from 1995 (commonly known as the “Data Protection Directive”). The Data Protection Directive required transposition into EU Member State national law, which led to a fragmented EU data protection law landscape. The GDPR is an EU regulation that has direct legal effect in all EU Member States, i.e., it does not need to be transposed into an EU Member State’s national law in order to become binding. This will enhance consistency and harmonious application of the law in the EU.
When do the new requirements come into force?
The GDPR has been in force since 25 May 2018. As an international team, we need to follow and comply with the GDPR and local laws too:
Who must comply?
This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. Generally, the GDPR requirements apply to all companies, institutions, and organizations that process personal data.
The GDPR governs how personal data of EU individuals may be processed by organizations. “Personal data” and “processing” are frequently used terms in the legislation, and understanding their particular meanings under the GDPR illuminates the true reach of this law:
How are personal data processed by Bilderlings?
Bilderlings processes data only for specific purposes, and the data are not stored for longer than necessary. Bilderlings maintains the data that is necessary for providing the services selected by the customer, and is able to deliver it to the customer.
Bilderlings processes personal data in one or more of the cases mentioned below:
Unlike the Data Protection Directive, the GDPR is relevant to any globally operating company, not just those located in the EU. Under the GDPR, organizations may be in scope if (i) the organization is established in the EU, or (ii) the organization is not established in the EU but the data processing activities are with regard to EU individuals and relate to the offering of goods and services to them or the monitoring of their behavior.
Our Data processing Policy
The Personal data processing Policy provides information on the processing and protection of personal data of Bilderlings customers, employees and other individuals. In addition to the description of the Policy, more detailed information on the processing of personal data can be included in your service agreements, other documents related to services and on the website.
Who can access these data?
Bilderlings may share customer data only in the following cases:
The data receivers authorized by Bilderlings, i.e., the companies that process the data on behalf of Bilderlings. Bilderlings shall take the necessary measures to ensure that the authorized data receivers carry out the customer data processing according to the guidance received from Bilderlings, comply with the required security and confidentiality requirements, as well as act in accordance with the legal requirements.
The list of authorized data receivers:
The most referenced consequence of non-compliance with the GDPR is the maximum fine that can be levied against a non-compliant organization. The maximum fine that may be levied is 4% of global revenue or 20 million EUR, whichever is higher. Certain other types of infringements carry a maximum fine of 2% of global revenue, or 10 million EUR, whichever is higher.
Less frequently referenced are the data protection authorities’ (“DPAs”) powers under Art. 58 of the GDPR. These powers include the ability for the DPAs to impose corrective actions, such as a temporary or definitive limitation on data processing activities, including a complete ban on data processing, or to order the suspension of data flows to a recipient in a third country.
If you have any queries about data processing at Bilderlings,
send us an email to: firstname.lastname@example.org