What is GDPR?
The General Data Protection Regulation (GDPR) is a ruling intended to protect the data of citizens within the European Union. The GDPR is a move by The Council of the European Union, European Parliament, and European Commission to provide citizens with a higher level of control over their personal data. GDPR will go into effect May 25, 2018.
Who will be affected by the GDPR?
The GDPR has far-reaching implications for all citizens of the European Union and businesses operating within the EU, regardless of physical location. If businesses hope to offer goods or services to citizens of the EU, they will be subject to the penalties imposed by the GDPR. In addition, any business that holds personal data of EU citizens can be held accountable under the GDPR.
What data is important regarding GDPR?
GDPR directly refers to the protection of personal data. As a user of CN, this means your picture, your email, your name, your site usage and your social activity. We're in the process of implementing a seamless, easy to use privacy checklist that users can edit at any time. This will help ensure your personal data is being shared with who you choose, or it is being deleted. (link to future article)
How will CN comply with GDPR?
Our Legal Documentation
CourseNetworking sites and services are primarily operated on Amazon servers located in the United States. To improve our service and site for users, we may transfer your personally identifiable information from the EEA to the U.S. However, during these transfers, we take full precautions and provide the same level of protection as transfers residing in the EEA. As previously mentioned, we use Amazon servers, and through Amazon, we adhere to the EU-U.S. Privacy Shield Framework when transferring data from the EEA to the United States. Please see the Amazon Privacy Shield Policy certification for more information.
CN user rights under GDPR
- right to actively consent to every use of personal data
- the right to limit the use of your personal data
- the right to be 'forgotten' (e.g., unable to be found via search, etc.)
- the right to data portability
- the right to seek damages, should you suffer from misuse/breach of your data
If you would like to submit a deletion request or other inquiry regarding your personal data, please email us at firstname.lastname@example.org
Definition: A data breach is any situation where an outside entity gains access to user data without the permission of the individual. Data breaches often involve the malicious use of data against users.
If a data breach should occur, the GDPR specifies that companies must provide adequate notification. The affected company has 72 hours to notify the appropriate data protection agency and must inform affected individuals “without undue delay.”