Where MinerEye Enables Your Organization to Comply with GDPR Regulations
This section presents describes how MinerEye’s solutions enable your organization to achieve compliance with GDPR requirements. This section is general and introductory in nature and is not intended to provide, and should not be relied on as, a source of legal advice.
About the GDPR
On 25 May 2018, the General Data Protection Regulation (Regulation (EU 2016/679) (‘GDPR’)) went into effect. The GDPR is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The GDPR applies to organizations that have a presence in the EU, notably entities that have an “establishment” in the EU.
Therefore, the GDPR applies to the processing of personal data by organizations established in the EU, regardless of whether the processing takes place in the EU or not. In relation to the extraterritorial scope, the GDPR applies to the processing activities of organizations that are not established in the EU, where processing activities are related to the offering of goods, or services to individuals in the EU.
The controller and the processor and, where applicable, their representatives, shall cooperate with the supervisory authority in the performance of its tasks…
Read MoreArticle 32 establishes general concepts for the controller and processor to implement minimum security measures when processing data…
Read MoreIn the case of a personal data breach, the controller shall without undue delay and, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent…
Read MoreWhen the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay…
Read MoreWhere a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall carry out an assessment of the impact of the envisaged processing operations on the protection of personal data…
Read MoreThe controller shall consult the supervisory authority prior to processing where a data protection impact assessment (DPIA) under article 35 indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk…
Read More