8 Things you need to know about GDPR
The General Data Protection Regulation (GDPR) has become a hot buzzword and has gained more traction in recent years. So, what does this mean for you? In this article, we share the 8 must-know insights about GDPR.
1. What is GDPR?
GDPR is an EU data privacy law that went into effect on May 25, 2018. It is designed to give individuals more control over how their data are collected, used, and protected online.
2. What does GDPR mean for organizations?
Almost all modern businesses collect and analyze personal data. GDPR requires organizations to develop robust data protection programs that promote accountability, transparency, individual rights, and security. Organizations that fail to comply with GDPR face penalties of up to 4 percent of their global annual revenue or €20 million, whichever is higher.
3. What does personal data mean according to GDPR?
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
This information might include details like your first and last name, email, home address, employer, and credit card information. GDPR also protects personal data like IP addresses, genetic information, and biometric data, like fingerprint and facial recognition data.
4. What does it mean to be GDPR compliant?
To be GDPR compliant, a company must follow these 5 principles:
- Data processing must be lawful, fair, and transparent, ensuring the security of personal data
- Data must be collected for specific, explicit, and legitimate purposes
- Data scope must be relevant and limited to what’s necessary
- Data must be accurate and up to date
- Data can only be held for as long as is strictly necessary for the stated purpose
5. Who needs to comply with GDPR?
- Any company based in the EEA/UK that processes an individual’s personal data must comply with GDPR, even if the processing happens outside EEA/UK.
- Any company based outside of the EEA/UK must also comply if it processes an individual’s personal data in the EEA/UK; offers products or services to individuals in the EEA/UK; or monitors the behavior of individuals in the EEA/UK.
6. Do you need to comply with GDPR?
If you say YES to any of the following questions, the answer is (probably) YES:
- Does your business have an established presence in the EEA/UK?
- Is your processing of personal data related to the offering of products or services to individuals in the EEA/UK?
- Are you monitoring the behavior of EEA/UK individuals?
Please note: If you operate as a B2B business, you might not have to comply with GDPR because you’re actually offering goods/services to other companies, and not to individuals.
7. Is Lusha GDPR compliant and how does it affect our customers?
- Lusha takes strict measures to align its data protection program with GDPR’s principles. We’ve adopted GDPR principles across our entire platform and support GDPR worldwide for all our customers operating globally. To ensure our customers meet their GDPR requirements under data privacy laws regarding any data they share with us, we contractually sign a Data Processing Agreement and act as a processor.
- For more information, please check out our Privacy Center.
- Lusha is committed to complying with all laws and regulations to which it is subject, and to assisting our customers in meeting their compliance obligations.
- Our customers make independent decisions about what personal data to collect, and about how and why that data is processed. Under GDPR, this makes our customers data controllers. Similarly, we make decisions about our own personal data, including the information collected in our database. Although Lusha aligns its data protection practices with GDPR principles, we do not believe that GDPR itself applies to us directly regarding the data we provide to our customers.
- We highly recommend that our customers who use, control, or process the personal data of persons within the EEA/UK be GDPR compliant.
- To make it easier for our customers and partners to avoid any risk in certain jurisdictions, Lusha offers the option to filter contacts and companies by location — including the exclusion of individuals identified as EEA/UK residents. This functionality enables Lusha’s customers to remain compliant while using our products.
8. What does this mean for your prospects?
The goal of GDPR is to better protect the personal data of citizens and consumers. Your EEA/UK customers have several rights as set out here. They include:
- The right to be informed
- The right of access
- The right of rectification
- The right of erasure
- The right to restrict processing
- The right to object