The General Data Protection Regulation (GDPR) is a new European data privacy regulation that takes effect May 25, 2018. It regulates how personal data is collected and processed for all EU and EEA citizens. GDPR affects any company that collects or stores personal data from EU/EEA citizens. Key aspects of GDPR include obtaining consent before processing data, allowing data access and deletion, restricting automated processing, and international data transfer regulations. To comply, companies should minimize non-essential data collection, know their customers to obtain proper consent, and have a process to quickly delete data upon request.

1. Impact of GDPR on Data
Collection and Processing

2. What is
GDPR?
The General Data Protection
Regulation (commonly referred to as
GDPR), is a new European data
privacy regulation whose enactment
will start on May 25th, 2018.

3. Where will it be
implemented?
This regulation will be
applicable for all local privacy
laws in the EU and EEA region
and affect all businesses which
are either selling or storing
personal data about EU and
EEA nationals.

4. Who will GDPR affect?
Controllers – Government
regulators and businesses
who determine how data
is processed and the
underlying reason.
Processors – Businesses
that undertake the
technical aspect of data
processing on behalf of
the controller.

5. 10 key aspects of the regulation
Consent to process data
Data choices
Special data
Data movability
Data deletion
Data accessibility
Restricting data processing
Objection to data processing
Automating data processing
International data processing

6. Consent to process data
Your business must get a confirmation from the user when
collecting data and you need to clearly explain what type of
data is getting collected along with the reason.

7. Data choices
It is critical to find our exactly what type of data you would
need. Time to cut the fluff.

8. Special data
Note that certain types of data are considered as ‘special’
under the GDPR. These data include lifestyle choice type
information such as religion, trade union membership,
political beliefs, and several others.

9. Data movability
The data that you collect about you customer should be under
the complete control of the customer. In fact, the data should
be easily accessible and they can share the same with your
competitors if they deem fit.

10. Data deletion – right to be forgotten
This part of the GDPR gives the data subject the right to
request that any data you hold on them is ‘erased’ without
delay.

11. Data accessibility
You need to allow the user to access their data and also to let
them know the types of processing being carried out and the
type of category the data falls into.

12. Restricting data processing
This particular section allows users to legally challenge the
company in case they feel the data is not getting processed in
correct manner.

13. Objection to data processing
This provision allows users to object to their data being
processed. However, this is only under special circumstances,
such as when the data is being used for direct marketing.

14. Automated data processing
You can only perform automated processing where there is
either explicit consent obtained, or it is needed to carry out a
contract, or where it is permitted under the law of an EU
state.

15. International data transfer
There are provisions in the GDPR to allow for data transfers to
non-EU countries or international organizations as long as
there are recognized ‘adequate’ frameworks for sensitive data
protection.

16. How to
adhere to
GDPR
Since it is a general truth that
majority of the companies don’t
actually put the collected data to use
(lack of technology and know-how),
it makes sense to trim down data
collection.

17. Two-step approach
Finalizing essential data points.
1
Scouring through old data to
trim it down to critical data
points
2

18. Key approach for compliance?
Know Your Customer.
If you know your customers, it’d be easier for you to
inform them on how and why you’re collecting their
data. This will drastically help you get consent from
them as well.

19. A pioneer is custom and large-scale web data extraction.
www.promptcloud.com | sales@promptcloud.com