Frequently Asked Questions About GDPR
What is the GDPR?
GDPR is short for the General Data Protection Regulation, which went into effect on May 25, 2018. It was passed by the European Parliament to create a harmonized data privacy law across member states of the European Union (EU). Its purpose is to support privacy as a fundamental human right and therefore give EU residents rights over how their personal data is processed or otherwise used.
What is considered personal data?
The GDPR defines personal data as ‘… any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.
What rights does the GDPR provide to EU residents?
The rights of an EU resident under the GDPR, and how you can exercise those rights with respect to iCapture, are:
- Right of access: You can ask us what personal data is being processed (used), why and where.
- Right to rectification: If you want to correct, revise or remove any of the data that is stored on our servers, you may do so at any time.
- Right to be forgotten: If you need to cancel your iCapture account at any time, we will permanently remove your account and all information associated with it.
- Right to restrict processing: If you believe your personal data is inaccurate or collected unlawfully, you may request limited use of your personal data.
- Right to object: If you decide at any time that you no longer wish to allow your data to be included in our analytics or for us to provide personalized (targeted) marketing content, you may contact us to request removal of this data.
iCapture will provide the necessary mechanism to comply with requests from you.
What is iCapture doing to comply with the GDPR?
Our current privacy program has been certified to the obligations and standards of the EU-US and Swiss-US Privacy Shields, which means we lawfully transfer and protect the personal data of EU/EEA residents to the U.S. pursuant to the rules of the Federal Trade Commission and the EU. This means that we have already implemented many privacy requirements that are similar to those required by the GDPR.
What do I need to do differently to be compliant with the GDPR?
Please understand that both you and iCapture have obligations and requirements for GDPR compliance.
Our Data Processing Agreement requires you to lawfully obtain and process all personal data appropriately. You will need to continue to do this to be compliant with the GDPR.
If you collect EU residents’ personal data, you are likely to be classified as a data controller under the GDPR. This means you will have some additional obligations around such things as data subject rights. We urge you to understand this and seek legal advice where you think it necessary.
We’ve created a GDPR Workflow so that you can document express consent to email your current contacts.
Disclaimer: This website is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand how iCapture has complied with important legal points. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this information as legal advice, nor as a recommendation of any particular legal understanding.