GDPR

Introduction

The General Data Protection Regulation (GDPR) proposed by the European Union applies to all kinds of Personally Identifiable Information (PII) acquired from the public web. If an application intends to collect data from the web about citizens residing in the European Economic Area (EEA) then you need to design your Web application with GDPR compliance in mind.

If you are working with Info Science Labs Corporation on a co-operative web application or an integrated project then we can work with you on legal terms to help you achieve GDPR compliance for your individual project. The task of ensuring that the collected Personally Identifiable Information (PII) is GDPR compliant completely rests with you. For projects where collection of PII is not a primary task, we can provide you with tools that will help you sort any accidental collection of PII that might subject you to GDPR.

What exactly is GDPR?

The EU’s (European Union) GDPR explicitly outlines certain requirements that organizations or concerned individuals must adhere to for the collection, processing and transfer of PII (Personally Identifiable Information) about EEA (European Economic Area) residents.

Key Concept :

GDPR underlines some key concepts or situations under which information available on the web that can identify a person can be processed or stored.

  • Consent has been acquired from the subject to which the data relates (very rare in case of Web-based data projects).
  • The data processing is necessary for the execution of a contract, compliance with a legal agreement, public interest, national interest or legitimate cause for the data processor.

In case you consider that you have a legitimate interest in collecting data over the web, there are certain examples that the GDPR puts up for efficient understanding of what constitutes legitimate interests. Your interests including all marketing interests should fit in those categories provided by the GDPR, although it is still required that your collection of PII should have minimal impact on the privacy of the data subjects.

What exactly counts as PII?

In the GDPR documentation, PII or Personally Identifiable Information is broadly defined as “any information that can be used to identify a person or potentially render the person identifiable”. This definition covers the generic personal information including name, residential address, contact number, identification number on different documents of proof, etc. Along with the above stated general terms, PII also constitutes information that may help in uniquely identifying a person including physical attributes, likenesses, etc. If such indirectly identifying PII is collected from the web in bulk, in an anonymous manner such that it cannot be traced back to a single person then GDPR may not apply in that specific operational condition. However, it should be noted that if a number of such attributes collected can be connected in a way to be traced back to an identifiable person then GDPR would be applicable to the data processing.

How can you know whether GDPR applies to you or not?

It is relatively simple to understand whether GDPR applies to you or not. If your data collection project positively affirms to all or some of the following points then GDPR applies to you.

  • You collect web data that directly or indirectly relates to individual people and might be used to identify them.
  • The people you are collecting data about are EEA residents.
  • If you are extracting data in such a way which is making it possible to reach the individual concerned just by processing that data.
  • Your interests are in the legitimate interests acknowledged by the EU regarding the processing and collection of PII or EEA residents.
Some Instances
GDPR APPLICABLE :
  • Consent has been acquired from the subject to which the data relates (very rare in case of Web-based data projects).
  • The data processing is necessary for the execution of a contract, compliance with a legal agreement, public interest, national interest or legitimate cause for the data processor.
GDPR NOT-APPLICABLE :
  • The data that you are collecting does not directly identify a living person on its own. Information and data about prices of products, store locations and information about companies, etc. come under this banner.
  • Extraction of user reviews submitted by actual persons but the usernames under which the reviews are written are not sufficient enough to identify a real person.
  • Collection of data regarding the contact details of businesses and organizations.
Data Processors and Controllers

Speaking in the context of your own Web-data collection project, you are the sole Data Processor and Data Controller. If you are storing and processing the data collected from the web through Adcrux’s services, it makes you the Data Processor. At the same time, you are also commanding Adcrux to collect such information on your behalf, making you the Data Controller as well. Adcrux is only a Data Processor as we only collect information and data when instructed to do so by our clients.

In case of any queries regarding this GDPR notice, please feel free to reach out to us. We’ll be happy to attend to your issue.

8 The Green, Ste A, Dover, DE 19901, USA.