European GDPR compliance
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
What is the GDPR?
The EU General Data Protection Regulation (GDPR) is a new regulation that addresses the collection, use, processing and transfer of the personal data of European Union citizens.
It applies to all European Union member states and to any entity that transfers this personal data outside of the European Union.
GDPR is a major concern for market research and insights organisations as:
- Research is global.
- Market research and insights organisations often collect personal data.
- Personal data is often transferred by market research and insights organisations across international borders.
If your company collects personal data from European Union citizens, GDPR applies to you.
Essential steps to address
Below are some of the steps Cint has addressed. We suggest that any organisation interested in GDPR compliance address these as well:
- Build company awareness and obtain management support
- Perform a Data Protection Impact Analysis (DPIA)
- Appoint a Data Protection Officer (DPO)
- Review and document the data you hold and process
- Review and update the communication of privacy information (privacy policies or notices)
- Address the rights of Data Subjects, including subject access requests
- Review the legal basis for data processing
- Address the requirements with respect to consent
- Review the requirements with respect to children
- Address data breach requirements
- Address data protection by design
- Identify an enforcement agency
Cint’s Data Protection Officer
Cint has appointed a Data Protection Officer (DPO) whom you can contact if you have any questions about Cint’s GDPR program. Please get in touch via firstname.lastname@example.org.