2. Also, I would like to know: if we weren't GDPR compliant before, does this mean we have to contact all of our databases to reacquire their consent all over again in the new GDPR way?
3. Our website asks people to sign up to receive emails - so we collect email and their name - if they want they can sign up via Facebook or Telegram messenger too but it's primarily email and name. Do these 2 things count as 'personal information'?
4. What does 'personal information' include? And I'm so sorry but one last final question to add to the previous one: if you have an ebook or some other kind of material available on the website but we ask that you register with your email address in order to continue reading, does this still constitute 'consent given freely'?
1. With some minor exceptions the rules regarding the EU GDPR apply to all companies regardless of their size. The most important is the exemption from keeping records of processing activities pursuant to article 30 - “Records of processing activities” (https://advisera.com/eugdpracademy/gdpr/records-of-processing-activities/). This document is mandatory if (a) the company has more than 250 employees; or (b) the processing the company carries out is likely to result in a risk to the rights and freedoms of data subjects; or (c) the processing is not occasional; or (d) the processing includes special categories of data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation); or (e) the processing includes personal data relating to criminal convictions and offences.
2. Where consent has been given under the Data Protection Directive, it will continue to be valid under the EU GDPR if it also meets the requirements of the Regulation.
This may be difficult given the new and stringent requirements for consent. In theory, some businesses should therefore consider approaching their existing customers or employees to obtain a fresh consent that is valid under the Regulation.
3. Name and email address constitute personal data.
4. The EU GDPR defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Examples of personal data include: name, surname, email address, physical address, IP address, internet identifiers, bank account data, images, etc.