GDPR

Introduction to GDPR

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.

The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) of 1995. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.

Download the legislation here

Read more about GDPR at the European Commission

How does GDPR affect you?

The GDPR expands the privacy rights granted to European Union (EU) individuals. It places significant new privacy obligations on organizations based in the EU, as well as organizations that process data about EU individuals, regardless of where the organization is based.

You may be impacted by the GDPR if you are based in the EU, have operations in the EU, or otherwise process personal data about EU individuals. For example, you may be impacted if you market to or track EU individuals, regardless of where you are based. We urge you to consult with your own legal counsel to familiarize yourself with the requirements that govern your specific situation.

GDPR in Norway

Even though Norway is not a member state of the European Union, Norway must comply to Regulation and the Directive under the European Economic Area (EEA) Agreement.

What does Idfy do to be GDPR compliant?

Idfy follows the best practice and guide lines developed by the The Norwegian Data Protection Authority (DPA), and independant public authority set up in 1980.

  • Delete files within set timeframes

  • Anonomize personal data

  • Support for consent screens

  • Data tagging

Read more here

Software development with Data Protection by Design and by Default