This shows you the differences between two versions of the page.
general_data_protection_regulation_gdpr [2019/03/09 02:14] john_smith created |
general_data_protection_regulation_gdpr [2020/07/01 17:15] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== General Data Protection Regulation (GDPR) ====== | ||
- | |||
- | The European Union General Data Protection Regulation (GDPR) | ||
- | |||
- | Any system (regardless of its location) that holds personal data about EU citizens needs to comply with this rule. Not complying could result in a fine of up to €20 million or up to 4% of the annual worldwide revenues. | ||
- | |||
- | Some of the key concepts of the regulations as they apply to Shambhala are: | ||
- | |||
- | * Processing of data needs to be based on informed consent of the data subjects (our members and contacts). They have the right of withdrawal at any time. | ||
- | * Right to access, modify or erase (right to be forgotten) one's own data. | ||
- | * Ensure full transparency about the purposes of the processing, with whom the data is shared, | ||
- | * Obligation of notification to the authorities and data subjects in case of data breach within 72 hours after becoming aware of the data breach. | ||
- | * Data protection by design and by default (meaning using a system that is conceived with data protection as the ground). | ||
- | * Protecting our data with a mechanism of Anonymisation or pseudonymisation | ||
- | * Collecting only needed info on data subject (do we need to know the gender of a person registering for an open meditation session?) | ||
- | * Exposing only necessary data to operator (does an NY admin need to have access to personal data of a member in Melbourne?) | ||
- | |||
- | =====Resources about the GDPR===== | ||
- | |||
- | Here are a few resources about the GDPR: | ||
- | |||
- | * Start with wikipedia: https:// | ||
- | * EU GDPR Portal: https:// | ||
- | * MailChimp resources: https:// | ||
- | * Bozhidar Bozhanov, LogSentinel, | ||
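Review bot: the 2020/07/01 17:15 revision deletes every line of the page, from the title through the resources list, and its header shows no author or edit summary, unlike the 2019/03/09 revision ("john_smith created"). Nothing visible records why the guidance was dropped or where it moved. The removed text includes operational commitments that readers may still rely on: the 72-hour breach notification item, the consent and erasure rights, and the data-minimisation and operator-access questions. If the content moved elsewhere, leave a one-line pointer to the new page instead of a blank page. If it was retired, say so in the edit summary.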