GDPR and Carbonite

If you’re doing business in the EU, you’ll need to comply with the new General Data Protection Regulation (GDPR). Carbonite can help support GDPR requirements.

Carbonite and the General Data Protection Regulation (GDPR)

What’s new for EU data protection?

On May 25, 2018, the EU Data Protection Directive will be replaced by the General Data Protection Regulation (GDPR). GDPR expands protection for EU residents, giving them greater control over the collection and use of their personal data and online activity. It broadens the scope of the law to impose direct statutory obligations on data processors and non-compliance fines of up to €20 million or 4% of annual worldwide turnover (whichever is higher) for material breaches.

GDPR summary

Organizations subject to GDPR oversight are responsible for the following:

  • Appropriate measures for protecting personal data
  • Transparent data handling processes
  • Ability to demonstrate compliance
  • Accountability regarding data privacy governance

GDPR applies to organizations involved in the following activities:

  • Processing of personal data in the EU
  • Having subsidiaries, branches, representatives or agents in the EU
  • Offering goods or services to individuals in the EU
  • Monitoring the behavior of individuals in the EU

GDPR covers personal information, which is defined broadly to include types of data that could identify an individual, including but not limited to:

  • Names
  • Addresses
  • Contact details
  • HR records
  • Device IDs
  • IP addresses
  • Cookies
  • RFID tags
  • Location data

How GDPR defines data processing

GDPR defines processing as any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organizing, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Individual rights

The law protects anyone in the EU whose data is subject to collection or processing and grants several rights, some of which include:

  • If personal data is inaccurate or incomplete, individuals have the right to have their data rectified or completed by the data controller.
  • Individuals can request that their personal data be erased, including where continuing to process or hold the data is no longer relevant or appropriate.
  • Upon request, data controllers must provide certain personal data in a portable or machine-readable format.

Central themes of GDPR

GDPR establishes the following two principles as central themes which organizations must adhere to:

Privacy by design

Data processing operations must use appropriate technical and security measures to protect the privacy of personal data.

Privacy by default

Only personal data that is necessary for the specific purpose of the processing may be processed.

Learn more

For a comprehensive breakdown of how specific Carbonite® solutions support GDPR compliance for EU organizations, please download the GDPR white paper.