GENERAL DATA PROTECTION REGULATION (GDPR)
The GDPR (General Data Protection Regulation) is a piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation became effective and enforceable on May 25, 2018.
Lightcat's Complicance with GDPR
We have you covered for GDPR. Lightcat is compliant with GDPR and upholds its values both in priciple and practice. If you have any questions, you may send them to firstname.lastname@example.org.
1. LightCat, the product, does not capture personally identifiable data. The responses are anonymised.
2. Cookies: LightCat does drop a cookie to prevent duplicacy of a response. Duplicacy is still possible if the person uses another browser, or clears cookies manually, as there is no personal identification of the respondent.
3. LightCat, the service, does need you, the LightCat customer, to login and therefore share your personally identifiable data with us. You can delete your account or email us at email@example.com to permanently delete your personal data.
Psychographic Segmentation and GDPR?
GDPR protects the rights of findividuals with 3 specific elements of the definition of "profiling":
1. It implies an automated form of processing;
2. It is carried out on personal data; and
3. The purpose of it is to evaluate certain personal aspects of a natural person to predict their behaviour.
When you are segmenting your market psychographically, you are performing this on the market, or "groups of users" in general - and not to a specific individual. Secondly, you are not running an automated process on that data. And finally and most importantly, the data you are collecting is anonymised (the audience need not disclose their personal information)
What is the GDPR?
The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the the 1995 Data Protection Directive.
The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.
The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data. In summary, here are some of the key changes to come into effect with the upcoming GDPR:
1. Expanded rights for individuals: The GDPR provides expanded rights for individuals in the European Union by granting them, among other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.
2. Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
3. Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
4. New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
5. Increased enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. Also, the GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
If you are a company outside the EU, this still affects you. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU.