GDPR is here, so what? (Part 1)

GDPR is here, so what? (Part 1)

The massive EU privacy laws became effective on May 25th, 2018, so what does it mean? First, what is GDPR. GDPR stands for General Data Protection Regulation and it includes a series of laws that place restrictions on the use of “personal data.” These are different restrictions, so if you have spent much time on the Internet recently you have certainly seen many updates to privacy policies and been asked to acknowledge that you have read these changes. This has been particularly true with the major brand sites.

There are many facets to GDPR so let’s start by defining personal data, this is data that can identify an individual and includes specific information about them. It is important to note that the law makes no distinction between an individual in private, public, or work roles. Where the law represents significant change is in the requirement for consent.

The law defines consent as “any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed.” In non-legalese, the subject must know what their data is going to be used for at the time it is collected. Moreover, the collector of the data must be able to clearly show how they received consent for collecting that data.

There is a recognition that “direct marketing purposes” can be a “legitimate interest” for use of such data. Legitimate interest, like informed consent, satisfies the principle that data has been fairly and lawfully used. Because “Direct Marketing” has not been defined there could be confusion when it comes to marketing using this data. However, most GDPR experts believe that marketing similar goods and services to existing customers is acceptable without direct consent. However, testing data against a profile to do mass marketing is certainly a violation. In a future blog post we will look at GDPR rules about access requests, portability, and the right to be forgotten.

Contact the Security professionals at Compunet to make sure your practice is defensibly compliant and secure. We offer our clients a full Security Suite and 24/7 monitoring of their infrastructure to ensure their networks are properly secured. As a part of our All in One HIPAA Solution, we offer a free risk analysis. Check out our quick quiz to see if your practice is compliant!

For more information go to our website:


May 28, 2018 HIPAA Blogs
About admin

Leave a Reply

Your email address will not be published. Required fields are marked *