What is GDPR?
In January 2012, the European Commission set out plans for data protection reform across the European Union (EU). In 2016, the commission reached an agreement on the required reforms and the means by which they would be enforced. One of the key reforms is the introduction of the General Data Protection Regulation, or "GDPR".
At its core, GDPR is a new set of rules designed to give EU citizens more control over their privacy, their data, and their consent for use of their data. Under the terms of GDPR, organizations who collect and manage personal data will be required to make sure that such data is gathered legally and under strict conditions, as well as protect it from misuse and exploitation. Organizations who fail to meet these requirements will face penalties. GDPR also promises consumers easier access to their personal data and requires that organizations explain how they use customer information in a clear and understandable way.
Under the GDPR regulation, consumers have additional provisions: the right to data portability and the right to be forgotten. Data portability allows consumers to receive their personal data from a data controller in machine-readable format and send it to another data controller. The right to be forgotten allows consumers to request that their personal data be erased by data controllers when it is no longer needed or if processing that data is unlawful in any way.
Further, GDPR requires that any organization experiencing a data hack notify the appropriate national bodies as soon as possible in order to enable EU citizens to take appropriate measures to prevent their data from being abused.
GDPR applies to every organization operating within the EU, as well as organizations outside the EU that offer goods or services to people or businesses in the EU. Its reforms are designed to modernize laws and obligations across Europe for the internet-connected age.
What are Radius' current compliance requirements with regard to GDPR?
To understand Radius' current compliance requirements, it's important to understand the difference between a data controller and a data processor. Put simply, a data controller determines the purposes and means of the processing of personal data, and a data processor processes personal data on behalf of the controller.
Businesses that use Radius are considered to be data controllers. Radius is currently a data controller and a data processor for US data. We market and sell products and services in the US only, and we process only US-based data. We do not market or sell into the EU at this time and we do not act as a data controller or data processor in the EU.
How can I get more information?
If you have specific questions about GDPR or Radius' compliance requirements, please email us at email@example.com.