This shows you the differences between two versions of the page.
— |
general_data_protection_regulation_gdpr [2020/07/01 17:15] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== General Data Protection Regulation (GDPR) ====== | ||
+ | |||
+ | The European Union General Data Protection Regulation (GDPR) | ||
+ | |||
+ | Any system (regardless of its location) that holds personal data about EU citizens needs to comply with this rule. Not complying could result in a fine of up to €20 million or up to 4% of the annual worldwide revenues. | ||
+ | |||
+ | Some of the key concepts of the regulations as they apply to Shambhala are: | ||
+ | |||
+ | * Processing of data needs to be based on informed consent of the data subjects (our members and contacts). They have the right of withdrawal at any time. | ||
+ | * Right to access, modify or erase (right to be forgotten) one's own data. | ||
+ | * Ensure full transparency about the purposes of the processing, with whom the data is shared, | ||
+ | * Obligation of notification to the authorities and data subjects in case of data breach within 72 hours after becoming aware of the data breach. | ||
+ | * Data protection by design and by default (meaning using a system that is conceived with data protection as the ground). | ||
+ | * Protecting our data with a mechanism of Anonymisation or pseudonymisation | ||
+ | * Collecting only needed info on data subject (do we need to know the gender of a person registering for an open meditation session?) | ||
+ | * Exposing only necessary data to operator (does an NY admin need to have access to personal data of a member in Melbourne?) | ||
+ | |||
+ | =====Resources about the GDPR===== | ||
+ | |||
+ | Here are a few resources about the GDPR: | ||
+ | |||
+ | * Start with wikipedia: https:// | ||
+ | * EU GDPR Portal: https:// | ||
+ | * MailChimp resources: https:// | ||
+ | * Bozhidar Bozhanov, LogSentinel, | ||
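Review bot: The breach-notification bullet ("within 72 hours after becoming aware of the data breach") applies one deadline to both the authorities and the data subjects. The 72-hour limit in Article 33 covers notification to the supervisory authority, while Article 34 requires communication to data subjects "without undue delay" when the breach is likely to result in a high risk to them, so I suggest splitting the bullet in two. In the scope paragraph, "personal data about EU citizens" would be more accurate as "personal data about people in the EU", because Article 3 ties scope to data subjects who are in the Union rather than to citizenship. The fine is the higher of the two amounts, which "or" does not convey. The opening sentence ("The European Union General Data Protection Regulation (GDPR)") has no predicate and the transparency bullet ends on a comma after "shared", so both read as unfinished and should be completed before this revision is kept.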