The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR came into effect across the EU on May 25, 2018.
The full text of the GDPR can be found here
Does the GDPR apply to me?
While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses that (a) market their products to people in the EU or (b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.
In keeping with our ongoing commitment to privacy and security, concurr is committed to making it easier for you to comply with the GDPR.
Data Subject : A person who lives in the EU
Personal Data : Any information related to an identified/identifiable data subject (e.g., name, phone number, email ID)
Controller : A company/organisation that collects people’s personal data and makes decisions about what to do with it. So if you’re collecting personal data and are determining how it will be processed (for example using the concurr services to add forms on your site and gain leads and customers), you’re the Controller of that data and must comply with applicable data privacy legislation accordingly.
Processor : A company/organisation that helps a Controller by “processing” data based on its instructions, but does not decide what to do with data. So for example, concurr is the processor of the data you collect in your concurr application. We don’t control how you collect or use the data; we merely process it on your behalf and on your instruction.
Data Protection Officer (DPO) : A representative for a controller/processor who oversees GDPR compliance and is a data-privacy expert.
Data Privacy Impact Assessment (DPIA) : A documented assessment of the usefulness, risks, and risk-mitigation options for a certain type of processing.
Supervisory Authority : Formerly called “data protection authorities”; one or more governmental agencies in a member state that oversee that country’s data privacy enforcement (e.g., Ireland’s Office of the Data Protection Commissioner, Germany’s 18 national/regional authorities).
Third Countries : Countries outside the EU
Unless explicitly clarified in any engagement, concurr will be the Processor and Customer will be the Controller.
The GDPR permits transfers of personal data outside of the EU subject to certain conditions. The EU model clauses (Standard Contractual Clauses or SCC) provide a valid mechanism to lawfully transfer personal data. concurr offers a Data Processing Agreement that incorporates the model clauses to our EU/EEA customers.
Should you require a copy of our DPA, please send an email to firstname.lastname@example.org