What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on 25 May, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU. Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, the GDPR requires businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
Who does the GDPR apply to?
The GDPR applies to all entities operating within the EU and to entities outside the EU that offer goods or services to individuals in the EU. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
What personal data do we collect and store from our customers?
Do we transfer data internationally?
The GDPR replicates the Data Protection Directive restrictions on transferring data outside the EU and prohibits the export of personal data outside of the EU to non-EU recipients unless the export meets certain criteria.
Although we are headquartered in the United States, Carbon Method has customers in the EU. In certain circumstances, we will process personal data that originates from the EU in the United States.
How do we handle delete instructions from customers?