General Data Protection Regulation
Last updated on May 23rd 2018
Data Protection & Commitment to GDPR
Patient Portal is fully committed to being compliant prior to the date GDPR goes into effect. We promise to safeguard your data.
The regulation ecompasses steps to be taken in all areas of protecting an individual's privacy -- setting up security mechanisms, compliance, repercussions of breach and more. Non-compliance beyond the enforcement date, is liable to attract heavy penalties.
Committed to protecting our customers personal data, is here to help customers and end-users understand significance of the GDPR, its requirements and our allegiance to comply by global standards.
Frequently Asked Questions
What is personal data?Any information relating to an identified or identifiable natural person ('data subject'). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as - name, email address or location, and also online identifiers like IP address, types of website cookies and other device identifiers.
For eg: Support tickets carrying personal data like name, location, social identity for purposes to record and solve an individual's support requests; CRM software collecting online identifiers to learn prospect activity on from the company website/product.
Who are data controllers, processors and sub-processors?A data controller is the entity/person that determines purposes and means of processing personal data of the EU resident. For eg. is a data processor and customers are controllers of the EU resident's data.
The GDPR applies to both data controllers and processors. Controllers collect data from the end-user that is the EU resident, for purposes clearly stated and with appropriate consent. Data processors provide services to the controller in accordance with each controller's instructions. Processors also use data collected to perform benchmarking analysis, so that it can sell further services allowing controllers to compare their data to industry averages.
Another category called sub-processors or third-party businesses performing data processing for other companies are also accountable for protection of personal data, according to the GDPR.
Who is a Data Protection (DPO) and does my business need one?The DPO is responsible for informing employees of their compliance obligations as well as conducting monitoring, training, and audits required by the GDPR. A DPO needs to be appointed if you:
- process large amounts of personal data
- carry out large scale systematic monitoring of individuals or,
- are a public sector authority
Can we use products before you are fully compliant?Yes, you can confidently continue with all products as we are currently in the process of achieving compliance. The regulation approved by the EU parliament in April 2016 provides businesses an adapting period of 2 years until the enforcement date of May 2018. Preparing for GDPR is a company wide challenge involving large amount of time, resources and expertise. is working towards it and will be GDPR compliant by May 2018.
How does my business benefit by complying with the GDPR?The GDPR helps restore consumer trust by acting as a central authority governing rules of data protection and rights across the EU. The new law allows businesses to undertake opportunities in the digital market while protecting an individual’s fundamental rights.
Businesses can capitalize on opportunities through:
- Cost savings and less complicated policy management by dealing with 1 law, not 28. This otherwise required expenses and efforts dealing with regulations for each member state locally.
- Consistency in practice of data protection measures both in and outside the EU. This is because the same regulation applies to all businesses, regardless of where they are based out of.
- The regulation enables innovation to flourish under the new law.
What do you mean by ‘Right to be forgotten’?Individuals have the right to have their personal data deleted, in the event that it is no longer needed. ‘Right to be forgotten’ is in support of - freedom of expression.
Does the GDPR require EU data to stay in the EU?No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfer of personal data outside the EU.
Data transfers from the EU to outside can be legitimized in many ways including
- EU-US Privacy Shield
- Model or Contractual clauses
- Binding Corporate Rules (BCR)
What does GDPR mean by “data protection by design and by default”?Data protection by design means, ensuring only that personal data which is required is collected, and also incorporate privacy features and functionality into products and services from the time they are first designed.
Data protection by default means, businesses must implement appropriate measures to mitigate privacy risks at the time of collection of the data, as well us by extending it at the time of processing it.