The General Data Protection Law (GDPR) impacts both citizens of the European Union (EU) as well as companies like Eastman that do business there. The law is designed to provide protections for the data collected by companies and gives people living in the EU rights to understand what's being done with the information.
Following is a list of questions that should provide you with a general understanding of GDPR and its impact on you and Eastman:
What is GDPR?
GDPR stands for General Data Protection Regulation. This is a new European regulation focused on unifying privacy across the European Union and protecting personal data of data subjects. It became enforceable May 25, 2018, superseding laws that date back to 1996.
To whom does the regulation apply?
The regulation focuses on the protection of a data subject related to processing and movement of personal data. The data subject must be a natural person living in the European Union. It is not based on European citizenship. It is not corporate entities.
What is included as personal data?
Personal data is any information relating to an identifiable natural person. Examples include name, phone number (business or personal), email address (business or personal), an identification number, location data, credit card numbers, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the data subject. This list is expanded beyond what is typically considered personally identifiable information (PII).
What rights are given to the data subject under GDPR?
The regulation gives data subjects:
What are the legal grounds in which Eastman can gather and process personal data?
Who is affected by GDPR?
Anyone that interacts with employees, contractors, vendors, and customers living in Europe.
What are Eastman’s responsibilities with GDPR?
Eastman must ensure that personal data is processed lawfully, fairly, and in a transparent manner. Any personal data must be collected for specific, explicit, and legitimate reasons. The collection of personal data should be limited to what is necessary. To do this, Eastman needs to know