GDPR FAQs

Q1. What is GDPR?

The General Data Protection Regulation (GDPR) is the new European Union regulation aimed at the protection and free movement of personal data and the rights of individuals, including children. It replaces the Data Protection Directive (1995) and the UK Data Protection Act (1998). It was approved by the EU Parliament on 14th April 2016 and goes into effect on 25th May 2018. Its aim is to ease the flow of personal data across the 28 EU member states.

Q2. Who does GDPR apply to?

GDPR applies to every organization which processes and holds the personal data of any individual (referred to as data subject) residing in the EU, regardless of where the company is based.

Q3. What is personal data?

Any information relating to an individual, be it his/her private, professional or public life. It can be anything such as name, email address or location, demographic information, photos and even identifiers such as IP address and types of website cookies.

Q4. What is meant by data processing?

Data processing means the collection, storage, transfer, or use of any kind of personal data.

Q5. Who are data controllers and data processors?

Data controllers are individuals/organizations that collect data from data subjects, i.e. end users, whereas data processors are organizations that provide services to data controllers and process data on their behalf.

Q6. How does GDPR affect ShepHertz’s customers?

As per GDPR’s definition, ShepHertz is considered a data processor, which means we receive large amounts of data from all over the world, including personal data from data subjects. This means that both ShepHertz and our customers (the data controllers) sending us data will need to comply with the requirements of the GDPR. You (the data controllers) must receive consent from your customers (data subjects) for the collection and processing of any personal data they will share through your services.

Q7. Does GDPR require data to be stored in EU?

No, the GDPR does not require EU personal data to stay within the EU, nor does it place any new restrictions on transfer of personal data outside the EU as long as there is a legal framework in place to validate the data transfer.

Q8. Is ShepHertz compliant with GDPR?

Yes, ShepHertz is now fully compliant with the GDPR. You are requested to use our updated SDKs to ensure you are empowering your users to have complete control over their personal information.

Q9. Who is a DPO and does my business need one?

The Data Protection Officer (DPO) is responsible for educating the organization and its employees about their compliance obligations, as well as conducting the monitoring, training, and audits required by the GDPR. A DPO needs to be appointed if you:

  • process large amounts of personal data
  • undertake large scale systematic monitoring of individuals or,
  • are a public sector authority (except for courts acting in their judicial capacity)

Q10. What are the penalties for failing to comply with GDPR?

There is a tiered approach to fines. The maximum fine any organization can face is 4% of its annual global turnover, or €20 million, whichever is higher. Less serious violations, such as having improper records (Article 28) or failing to notify of any breaches, can be fined a maximum of 2% of annual global turnover, or €10 million. These fines apply to both controllers and processors.