The protection of personal data has been updated.
GDPR came into effect on May 25, 2018, providing enhanced protection for personal data in the EU. Learn about the rights of individuals and the obligations of entities.
Description
On May 25, 2018, GDPR (General Data Protection Regulation) or the General Data Protection Regulation (EU Regulation 679/2016) came into effect. Adopted on May 24, 2016, the European Parliament granted a two-year deadline for all entities managing the personal data of individuals to comply. This regulation is not the first of its kind; previously, each EU member or non-member state had its own regulations regarding personal data protection. In Romania, this was represented by Law 677/2001, supervised by the National Supervisory Authority for Personal Data Processing. GDPR is the first regulation to harmonize the legislation regarding personal data protection throughout the entire European Union.
The GDPR applies to any entity that controls or processes personal data of EU citizens, regardless of its geographical location. If the domestic law of an entity applies under international public law, the GDPR regulation will be mandatory.
What are personal data?
Personal data refers to any information related to an identified or identifiable natural person. This may include:
- Name
- Identification number
- Location dates
- Online identifiers
- Features specific to physical, physiological, genetic, psychological, economic, cultural, or social identity.
Rights of the data subjects
GDPR gives individuals greater control over their data by establishing the following rights:
- The right to be informed
- Right of access
- Right to rectification
- The right to deletion
- The right to restrict processing
- The right to data portability
- Right to objection
- Rights related to automated decision-making and profiling
Obligations of entities that manage personal data
The GDPR imposes several main obligations on entities that process personal data. Among these:
- Obtaining consent: Consent must be requested in a clear, intelligible, and easy-to-access format, accompanied by an explanation of the purpose of data processing.
- Reporting security incidents: Any security incident that poses a risk to individual rights and freedoms must be reported to the competent authorities within a maximum of 72 hours from discovery.
- Responsibility: Entities must implement technical and organizational measures to ensure the confidentiality and security of data processing.
Hostico's Compliance with GDPR
At Hostico, we have taken measures to align with GDPR regulations. These include:
- Improving web and physical security.
- Updating Hostico legal documents, including:
The documents will be updated whenever necessary to remain in compliance with GDPR regulations.
