GDPR (Patrix interpretation)

General Data Protection Regulation What is it? What is its purpose? Who does it concern? What consequences will it have for our business processes? What can Patrix do to help? How does it effect Patrix’ relation to you?

What is it? General Data Protection Regulation A regulation created by the EU Parliament and Council Replaces the Data Protection Directive Takes effect on the 25 May 2018

What is its purpose? It was created so that each person shall be aware of and have the power over how its personal data is used by any business

Who does it concern? It protects all natural persons It regulates the use of personal data by any business processing data in the EU or that has its business in the EU whether the processing takes place inside or outside of the EU.

Roles: Data Subject Is a natural person of which personal data is processed.

Roles: Data Controller A Data Controller is a person or organisation that determines the purpose and means of the processing of data. There must be a named responsible person for this topic in any organisation that processes data in the capacity of Data Controller.

Roles: Data Processor A Data Processor is a person or organisation that processes personal data on behalf of a Data Controller. There must be a named responsible person in an organisation for the processing of personal data.

What practical consequences will it have for businesses It is the responsibility of the Data Controller only to process data in a legal manner: After consent If under a contractual obligation (data subject agreement party) If necessary by law If Data Controller’s (or third party’s) interest outweights Data Subjects fundamental right.

Consent Clear information on what, why, how and where the data will be processed. Right for data subject to withdraw its consent easily (right to be forgotten). Data Controller not to step ouside the boundaries. Limit the processing to a minimum regardless of the consent.

Control! The Data Controller must at all times have control over the personal data and be prepared to reply to any data subject on any question about its personal data and to delete it if so required.

What can Patrix do to help? Patrix can assist with identifying where any specific personal data is stored in the Patricia Db Patrix can assist with removing any personal data from the Patricia Db.

Relation Patrix-Client Processing Agreement Specific Assignment

Processing Agremment Patrix will need to have a Data Processing agreement in place betwen it and its clients (Data Controller). This agreement will regulate the general rules under which the data will be processed. Only one Agreement is needed and will have effect for an indefinite period of time.

Specific Assignment Patrix also needs a specific assignment from its clients before accessing personal data. This will be limited in time and very specific to the nature of the assignment.