Any information related to a data subject, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
A company that collects, stores or uses personal data must...
who they are, why they are processing the data, how long it will be stored for and who will receive it.
Get clear consent
from data subject to process the data, or get consent from person holding ‘parental responsibility’ if data subject under 16.
the lawful basis for its processing activity in the GDPR, document it and update privacy notice to include that information.
of consent - who, when, how, and what - and refresh it if anything changes.
Give people access
to their data and allow them to transfer it to another company or have it removed at their request.
process personal data to the extent necessary for its intended purpose.
at all times where and how user data is stored.
any data breach within 72 hours to appropriate country office and also inform users if there is a serious risk to their data.
a Data Protection Officer to ensure compliance with GDPR if company processes large amounts of data, whether for employees, individuals outside the organisation, or both.
Automate your GDPR audit process, track your user data, discover and manage existing user data points and third party integrations, automatically detect undocumented user data, create user data logs on request and generate consent pop ups, all in the WAAT GDPR Toolset.