Privacy Compliance Resources

GDPR Regulations

Where MinerEye Enables Your Organization to Comply with GDPR Regulations

This section presents describes how MinerEye’s solutions enable your organization to achieve compliance with GDPR requirements. This section is general and introductory in nature and is not intended to provide, and should not be relied on as, a source of legal advice.

About the GDPR

On 25 May 2018, the General Data Protection Regulation (Regulation (EU 2016/679) (‘GDPR’)) went into effect. The GDPR is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Territorial Scope of the GDPR

The GDPR applies to organizations that have a presence in the EU, notably entities that have an “establishment” in the EU.

Therefore, the GDPR applies to the processing of personal data by organizations established in the EU, regardless of whether the processing takes place in the EU or not. In relation to the extraterritorial scope, the GDPR applies to the processing activities of organizations that are not established in the EU, where processing activities are related to the offering of goods, or services to individuals in the EU.

Art. 13 GDPR – Information to be provided where personal data are collected from the data subject

Article 13 states that when data are collected directly from the data subject, the controller must provide certain information such as the identity and contact details of the controller, the purposes of data collection and the legal bases for doing so, as well as the processing period and the possibility of requesting data rectification and erasure…

Read More
Art. 14 GDPR – Information to be provided where personal data have not been obtained from the data subject

As well as article 13, article 14 defines certain conditions that the controller must fulfill when collecting data not directly from the data subject. These requirements basically do not differ from article 13 and cover points such as: identity and contact of the controller, purposes and legal rationale for processing and processing time, among others…

Read More
Art. 15 GDPR – Right of access by the data subject

Article 15 establishes the right of the data subject request for access to some information provided by the controller in articles 13 and 14, such as for the purposes of processing. The GDPR in article 15 defines the right of the data subject to have a copy of this information…

Read More
Art. 16 GDPR – Right to rectification

Article 16 is noteworthy because it establishes the right of the data subject to obtain rectification of their data, when they are in error or incomplete. The GDPR establishes that the controller should provide for such rectification within a reasonable time…

Read More
Art. 17 GDPR – Right to erasure (‘right to be forgotten’)

Article 17 is of relevant importance in the GDPR and establishes a series of conditions in which the controller is obliged to delete the processed data, as in the case of no longer having a legal basis for this, the subject’s withdrawal of consent to holding the data, or expiry of the stipulated time for processing…

Read More
Art. 18 GDPR – Right to restriction of processing

Article 18 establishes that the subject of the data may, by certain criteria, require the restriction of the processing of their data, for example, when the processing is not legal, and the subject is opposed to the deletion/erasure of the data and requires its restriction…

Read More