General Data Protection Regulation (GDPR)

What is GDPR

Overview

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

Basic GDPR terms

Data Subject: Any information that enables a person/entity (data subject) to identify, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity etc. Here, it is the end user or CEE customer's users.

Data Controller: The natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Here, it is CEE customers

Data Processing: Any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure or destruction. Here, it is the CEE

Rights of the Data Subject

📘

CEE (as Data Processor) enable its customers (Data Controllers) to comply with their users (Data Subject) requests to exercise Rights of the Data Subject under Article (12 - 23) of General Data Protection Regulation (GDPR).

Right of access by the data subject

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed.
The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.

What it means w.r.t. CEE

Facility to export user data

  • It's for the identified user
  • Facility to export what all attribute/activity data captured for that user

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. If Data Controller have disclosed the personal data in question to third parties, they must inform their users (data subjects) of the rectification wherever possible.

What it means w.r.t. CEE

Facility to modify user profile data

Right to erasure ('right to be forgotten')

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her.

What it means w.r.t. CEE

Facility to delete all user data

  • Activity
  • Attribute

Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing due to the inaccuracy of the personal data or the processing is unlawful or the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claim.
A data subject who has obtained restriction of processing pursuant shall be informed by the controller before the restriction of processing is lifted.

What it means w.r.t. CEE

Facility to restrict processing user data.

Right of data portability

The data subject shall have the right to receive the personal data concerning him or her for any purposes with various services. It should be in a structured, commonly used and machine-readable format. The data subject have the right to transmit the data to another controller without hindrance from the controller to which the personal data have been provided.

What it means w.r.t. CEE

Facility to export user data

Right to object

There are three basic rights to object to the processing of their personal data in certain circumstance given by GDPR.

  1. Processing which is for direct marketing purposes
  2. Processing for scientific/historical research/statistical purposes
  3. Processing based on two specific purposes
    All relate to processing carried out for specific purposes, or which is justified on a particular basis. There is no right for an individual to object to processing in general.

What it means w.r.t. CEE

Facility to restrict user data


Thus, CEE will help customers to comply GDPR rules with upcoming API, JS SDK, App SDK releases.


👍

For any queries, please contact [email protected]

For the relevant APIs, visit API Reference section of the Help Centre
For the official GDPR updates, please visit [here](https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en)