Data Protection law
Buiten-Yoga and the new Data Protection law
On May 25th, 2018, the General Data Protection Regulation (or GDPR) will come into effect. The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. Buiten-Yoga will be compliant with the GDPR when it becomes enforceable in 2018. If you use our booking functionality to store personally identifiable data you may need to take action to ensure compliance with the new law.
What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is a new European privacy law due to become enforceable on May 25, 2018. The GDPR will replace the EU Data Protection Directive and is intended to harmonize data protection laws throughout the European Union.
The new legislation aims to improve security of personal information and harmonize legislation. New measures include:
- Transparency on the collection, analysis and use of personal data
- Individuals can request access to their data, as well as correction or removal of their data
- Limit the processing, collecting and storage of personal data to specific and legitimate purposes
- Rules to inform authorities and customers in case of a data breach
- A single harmonized law for all organizations in the European Union
What are your responsibilities as a Buiten-Yoga organizer?
Buiten-Yoga organizers will typically act as the data controller for any personal data contained in online bookings. Buiten-Yoga is a data processor and processes personal data on behalf of the data controller when you, or one of the end-users, use the website to make a booking. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller.
Because your responsibility as a data controller depends on the type of information you store and its intended purpose, we cannot give specific guidelines here. In a general sense, data controllers are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, purpose limitation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data. If you are a data controller, you can find guidance related to your responsibilities under GDPR by checking the website of your national data protection authority. You may also want to seek independent legal advice relating to your status and obligations under the GDPR specifically tailored to your situation.
What is Buiten-Yoga doing to comply with the GDPR?
Buiten-Yoga is already compliant with the current EU Data Protection Directive that the GDPR will be replacing. We will be fully compliant with the additional requirements set forth in the GDPR when it takes effect in May 2018. A non-exhaustive list of actions we have already taken, or are in the process of implementing:
- All customer information is stored on servers within the European Union. Our servers are located in state-of-the-art data centers with 24/7 monitoring and security.
- Customers will be able to see which of their data is stored in our systems and can request removal.
- Where we use data processing services from third parties to store your information, we ensure that data processing agreements with those parties are in place and that they are located within the EU.
- We have a process in place that determines which of our team members have access to customer information, with appropriate actions should they leave their position.
If you have questions regarding our working methods with the GDPR, please feel free to contact us via firstname.lastname@example.org.