Note: The following article does not constitute legal advice. For information on how the GDPR affects you specifically, consult your legal counsel.
The European Union’s (EU) General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, is a data protection law designed to strengthen data protections and give EU residents and citizens more control over their personal data regardless of what business accesses that data.
All businesses that are operating in the EU (including businesses headquartered outside of the EU), that collect and use the data of EU residents and citizens, or that process data of EU residents and citizens are impacted by the GDPR.
Businesses, such as your own, that collect and use the data of EU residents and citizens are referred to as data controllers. Businesses like WellnessLiving that process the data of EU residents and citizens are referred to as data processors. Both data controllers and data processors are responsible for ensuring compliance with the GDPR regardless of where they’re located.
For example, WellnessLiving has servers located in the US but still follows GDPR guidelines because it processes data belonging to EU residents and citizens.
Note: The EU-USA Privacy Shield is a privacy framework for US companies to follow when working with data belonging to EU residents and citizens. Because WellnessLiving is a Canadian company, we don’t follow the EU-USA Privacy Shield framework. Instead, we follow the GDPR guidelines.
Data controllers should be aware of the following aspects of the GDPR:
Personal data
The definition of personal data has been expanded to include any data relating to an identified or identifiable living person. This includes IP addresses, names, home addresses, and location data.
Data protection rights
Under the GDPR, individuals who are EU residents or citizens have expanded data protection rights. This includes the rights to access, correction, erasure, and portability.
Breach notifications
Under certain circumstances, data controllers are obligated to inform both the supervisory authority in their country and their customers of data breaches.
As a data processor, WellnessLiving strictly follows all GDPR guidelines and will support you in complying with the GDPR when appropriate. If you’re a data controller, you should have established processes for handling data requests and breaches and make sure you and your staff are aware of the implications the GDPR has for your specific business. You should also review your privacy policy to ensure it meets the standards set by the GDPR.
You can use the online waiver feature in WellnessLiving to set and update your privacy policy.