Gifty Club, LLC & the GDPR
Gifty Club, LLC is a network of luxury monthly subscription box brands that deliver hard-to-find, unique items across the globe and to your door. But while that is our core business, we are also focused on the privacy and security of our customer and prospective customer data. As a result, we keep current on all global initiatives to secure your data while you grant us permission to maintain it online.
As a result, we have written this informative document outlining recent privacy law changes that effect consumers living within the European Union. We hope you take the time to read it.
The General Data Protection Regulation (GDPR) is a new and very comprehensive EU privacy law that came into effect on May 25, 2018. The GDPR harmonizes data privacy laws across the EU and mandates how companies collect, store, delete, modify and otherwise process personal data of EU citizens. It applies to any company that processes personal data of EU citizens, regardless of whether such company has any physical presence in the EU, or even whether it has any EU customers.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive, new EU law which mandates how companies can collect, store, delete, modify and otherwise process personal data of EU citizens. It applies to any company that processes personal data of EU citizens, regardless of whether it has any physical presence in the EU, or even whether it has any EU customers. Companies are also required to pass these obligations down to all of their vendors and suppliers who may also handle personal data of EU citizens anywhere in the world.
2. When did GDPR become law?
GDPR came into effect across the European Union on May 25, 2018. It’s a regulation meaning that it has become law in all EU Member States on that date. Despite Brexit, the United Kingdom is committed to stay compliant with the GDPR.
3. What is the definition of “personal data” under GDPR?
The first and most important thing to realize is that the EU concept of “personal data” is much, much broader than the United States concept of Personal Identifiable Information, or “PII.” Under EU law, personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It doesn’t have to be confidential or sensitive to qualify as personal data.
4. Why is Gifty Club, LLC focused on GDPR?