Frequently asked questions about the GDPR

Do you have unanswered questions about the impending new General Data Protection Regulation (GDPR)? Maybe you aren't sure about what it will mean for your business and the measures you need to take to ensure your company doesn't come under fire. Here are the answers to most frequently asked questions about GDPR that everybody should be reading.

AOMEI's mission is “Always keep global data safer", that is also consistent with the goal of GDPR regulation to some degree. AOMEI is committed to full GDPR compliance — both as a company dealing with EU customers and as a vendor providing data protection service to other businesses that are subject to GDPR regulation.

Some FAQS of GDPR

What is GDPR?

The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that updates existing EU laws to strengthen the protection of “personal data” in light of rapid technological developments, the increasingly global nature of business and more complex international flows of personal data. It replaces the current patchwork of national data protection laws with a single set of rules, directly enforceable in each EU member state.

When will the GDPR go live?

The GDPR becomes enforceable starting 25 May, 2018.

Is there a GDPR certification?

No, there is not currently a GDPR certification issued by the European Commission, at least yet.

What does the GDPR regulate?

The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

How does GDPR change privacy law?

The key changes are the following: Expanded data privacy rights for EU individuals, data breach notification and added security requirements for organizations, as well as customer profiling and monitoring requirements. GDPR also includes binding Corporate Rules for organizations to legalize transfers of personal data outside the EU, and a 4% global revenue fine for organizations that fail to adhere to the GDPR compliance obligations. Overall the GDPR provides a central point of enforcement by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

Does the GDPR require EU personal data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU.

Our company is based out of the EU. Do we need to comply?

Yes. If you offer your goods or services to any EU residents, then you must comply with GDPR.

We do not charge for services we offer. Do we need to comply?

Yes. The GDPR applies to firms that offer goods or services to EU residents irrespective of if payment is exchanged.

We process personal data manually [instead of using automated means]. Do we need to comply?

That depends on if the output of said manual data processing forms are intended to form part of a filing system, defined by Article 4(6) as “any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis”. In plain words, if the manual data processing contributes toward a database, then yes, you must comply. If said processing is one-off and does not enter a structured and accessible database, then the GDPR may not apply.

What type of data is considered to be personal data?

The GDPR categorizes a broad swath of data, such as name, email, location, IP address, and online behavior as personal data.

What does “privacy by design” mean?

Privacy by design means developing every part of your solution in a way that it ensures the highest level of data privacy at every stage. In other words, you have to think of protecting the privacy of your users/subscribers/customers all the time while planning the processing of their personal data.

Does personal data need to be encrypted?

It depends. The GDPR does not mandate that personal data be encrypted; it only requires that personal data be stored securely.

How do I obtain consent?

In general, consent needs to be explicit, opt-in, and freely given. This means popular opt-out based consent of today will no longer be acceptable.

What happens if I do not comply?

You may be fined for up to €20mm or 4% of your worldwide turnover (revenue), whichever is greater. You may also be subject to lawsuits by affected data subjects.

Do all organizations now have to appoint a Data Protection Officer (DPO)?

It is not necessarily compulsory for all organizations to appoint a DPO as this will be dependent upon a number of factors. According to the ICO, a company should appoint a DPO if they represent public authorities or organizations that process large scale monitoring or processing of sensitive personal data.

About AOMEI

AOMEI - the easiest backup keeps data safer, is an up-and-coming software company founded in 2009. AOMEI is a freeware-based company, striving to make 81% of the users free to use their products. With professional and reliable support service, AOMEI products are favored by users around the world. Today AOMEI solutions are available worldwide through a global network of service providers, distributors and resellers. AOMEI continued to grow and develop while bearing in mind their mission - Always Keep Global Data Safer, and strive to let billion of users benefit from AOMEI Products, and make AOMEI become the industry benchmark.