The General Data Protection Regulation (GDPR), enforced starting May 25th, 2018, creates consistent data protection rules across Europe. It applies to organizations that are based in the EU and to global organizations that process personal data regarding individuals in the EU.
While many of the principles resemble prior EU data protection regulations, the GDPR has a wider scope, more descriptive standards, and substantial fines.
Under the GDPR, there are a number of grounds to legitimize the processing of personal data. Below, we’ve outlined the most relevant legal bases under the GDPR.
You are the data controller when you decide the ‘purposes’ and ‘means’ of any processing of personal data.
You are the data processor when you process personal data on behalf of a data controller. Certain obligations now apply directly to data processors, and controllers must bind them to certain contractual commitments to ensure data is processed safely and legally.
When Labforward is processing data as a data processor acting on your behalf, your organization must have its own legal basis to process and share the data with us.
Where Labforward provides services to our EU partners as a data processor on their behalf, we will ensure that we comply with the specific requirements for data processors. This means that, as needed, we will refresh any necessary contractual obligations to align with the GDPR.
Where we appoint parties to act as a data processor on our behalf, we will also ensure that we have appropriate terms in place to comply with our requirements under the GDPR and safeguard our data.
Where we act as a data processor on an organization’s behalf, we will be relying on our customer’s legal basis as data controller for our processing of such data.