Global Data Protection Regulation compliance
The European Union's General Data Protection Regulation (GDPR) became effective on May 25, 2018. The GDPR intends to put EU residents in control of their personal data by regulating how their data is collected, processed, stored, deleted, transferred, and used. Any company, local and international, that does business in Europe or handles the personal data of EU residents should comply with the new rules. Noncompliance can result in financial penalties.
For organizations that have access and control of such data, the regulation obligates the organizations to proactively protect data. An EU citizen or resident has these rights, for example:
- Know what personal data is collected; the right to be informed
- Access to their personal data
- Ask that their data be updated; the right of rectification
- Ask that their data be erased; the right to be forgotten
- Ask that their data be restricted regarding who can process their data; the right to restrict processing
- Ask that their data be provided to them in a machine-readable format; the right to data portability
- Object to how their data is being used
- Request consent or opt out of automated decision-making and profiling
Personal data consists of any information relating to an identified or identifiable individual, entity, or data group. An identifiable person is one who can be identified directly or indirectly, by use of personal data that could be combined with other data that would make an individual reasonably identifiable. This data includes anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or online identifiers, including IP addresses and device IDs.
Infor is committed to ensuring that Infor's products and processes meet or exceed stringent global regulatory requirements, including GDPR.