What is GDPR?

What are its core principles and who needs to comply?

The General Data Protection Regulation (GDPR) has been adopted by the EU on April 14, 2016. GDPR has been designed to provide individuals with greater control over how their personal data is collected, stored, transferred, and used, while also simplifying the regulatory environment across the European Union (EU). This new regulation will impact both organizations that conduct business in the EU, as well as businesses that maintain or process EU personal data. Besides legal obligations, it is NinjaRMM’s utmost interest to provide secure products and services that honors the data privacy of its users and provides a GDPR compliant solution to its customer base. We are firmly committed on being GDPR compliant and work tirelessly to improve our services.

Major key GDPR principles include:

Fairness and Transparency – Organizations must always process personal data lawfully, fairly, and in a transparent manner.

Purpose Limitation – Organizations can collect personal data only for specified, explicit, and legitimate purposes.

Data Minimization – Organizations can collect only personal data that’s adequate, relevant, and limited to what’s necessary for the intended purpose.

Accuracy – Personal data must be accurate and, where necessary, kept up to date.

Data Deletion – Also known as the right-to-be-forgotten, personal data must be kept only for as long as it’s needed to fulfill the original purpose of collection.

Security – Organizations must use appropriate technical and organizational security measures to protect personal data against unauthorized processing and accidental disclosure, access, loss, destruction, or alteration.

Accountability – A data controller is responsible for implementing measures to ensure that the personal data it controls is handled in compliance with the principles of the GDPR.

NOTE: The above information is not intended to serve as legal advice and is provided by NinjaRMM for informational purposes only. If you have questions regarding GDPR implementation in your specific case, please contact a lawyer or consultant that specializes in GDPR.