Published on 28 Nov 2023.
On May 25, 2018, European legislation will come into force around the General Data Protection Regulation (GDPR) or General Data Protection Regulation. Lately, hardly a day goes by without hearing about the GDPR. As a result, almost every day over the past few weeks we've received an email about updating our privacy policy.
Security and privacy are also a top priority for Kinamo, so we too are making some adjustments to our privacy policy and clarifying how we handle your data. You can read here what the European GDPR legislation means for your relationship with Kinamo.
The GDPR in a nutshell
The European GDPR legislation is based on 4 pillars of privacy and data protection: transparency, accountability, consumer rights and notification obligations. We briefly explain what these mean.
Transparency
Companies must inform citizens of how their data is collected and processed. This explanation must therefore be formulated in an understandable way.
Here you will find the Privacy Commission's guidelines on transparency.
Responsibility
The GDPR introduces the obligation for companies to be accountable for the processing of personal data. This means that you must set a purpose for each processing operation and document a legal basis for how you apply the various GDPR principles. For more information on accountability, click here.
Consumer rights
In addition to existing rights (right to information, right of access, right of rectification and right to object), the GDPR introduces, among others, the right to be forgotten, the right to data portability and the right to object to profiling. For more information on the additional rights introduced by the GDPR, click here.
Obligation to report
Companies are required to report a data breach within 48 hours, unless it can be demonstrated that the breach poses no danger to the individuals about whom the data was collected.
More information on data breaches and how to report them can be found here." rel="nofollow"
Extension of the term "personal data
The term "personal data" has also been expanded to include data types such as IP addresses and sensitive data such as health data or information on cultural origin
For more information on how the Privacy Commissioninterprets personal data, click here.
GDPR fines
If the data collected is not managed properly, a serious data breach is not reported or a risk analysis is not carried out, the fine can be up to 2 % du chiffre d'affaires annuel. En cas de manquement grave, l'amende peut atteindre 4 % of sales or 20 million euros, whichever is higher.
Who does the GDPR apply to?
The GDPR applies to all companies and organizations that process the personal data of EU citizens. The same applies to large and small companies, sole traders and associations.
It is the controller's responsibility to ensure that its processor complies with data protection legislation, and processors themselves must comply with rules on keeping records of their processing activities.
Under GDPR legislation, Kinamo involves a role as data controller (regarding your customer data) and data processor (we process data for your services on our infrastructure). For both roles, we have made the necessary data protection and privacy arrangements.
The data administrator or "data controller" is the natural or legal person, public authority, department or body which, alone or with others, determines the purpose and means of processing personal data.
The data controller or "processor" is the natural or legal person or organization that processes data on behalf of the data controller.
For example: if you collect and store data for marketing purposes (e.g. via a form on your website), you are the data controller.
For example, if you do this via a "cloud provider", then this "cloud provider" must also comply with GDPR legislation, as it is the data controller ("data processor").
Kinamo helps you comply with the GDPR?
As of now, data collection is subject to strict rules. Users must explicitly give their consent and have the right to view their data or demand that it be deleted at any time. It is therefore preferable not to simply purchase or create data lists without taking the necessary measures.
As an experienced cloud provider, Kinamo has gained solid experience over the years in IT infrastructure security as well as data processing, management and recording.
Is GDPR just an "IT" story? Certainly not... We are therefore aware that making your organization GDPR-compliant requires a fresh look at your experience as a manager of your own processes and at Kinamo's added value for optimizing your organization's digital processes. Check out our previous blog post on "The impact of GDPR legislation on SMEs" here.
Kinamo has also updated its privacy policy. You can view it here. For more information on our privacy policy or if you have any questions regarding the processing of your personal data, please contact Kinamo's Data Protection Officer at privacy@kinamo.be.
