GDPR Introduction

The General Data Protection Regulation (GDPR) sets data protection and privacy guidelines for handling the personal data of individuals within the European Union (EU). As such, it applies not only to all organisations established in the EU that handle personal data but also to any non-EU established organisation that processes personal data of individuals who are in the EU. The GDPR came into force on 25 May 2018.

By design, our infrastructure platform is a technology framework built with the flexibility to adapt to any compliance standard. With many other standards in effect and new ones pending, this adaptability is key to ensuring long-term adherence to standards and regulations.

It approaches GDPR as just one of many compliance requirements. GDPR-like laws are being enforced in various other jurisdictions. Our infrastructure platform isn't only complying with GDPR and hard-coding those rules but ensures that any number of government legislated privacy rules can be easily added and accounted for. It is flexible to adhere to any legislation in any country.

Definitions

Data controller: a natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. You are a data controller as soon as you do anything with other people’s personal data through your website (e.g. newsletter subscription, contact form, etc.).

Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. If your Insites sites or Instances use third-party applications that process personal data for you, they are considered data processors.

Personal data: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Sensitive data: a sub-category of personal data that reveals any racial or ethnic origin, financial status, political opinion, philosophical belief, religion, trade-union membership, sexual orientation, concerns health or sex life, genetic data, or biometric data.