Privacy Compliance Resources

GDPR Regulations

Where MinerEye Enables Your Organization to Comply with GDPR Regulations

This section presents describes how MinerEye’s solutions enable your organization to achieve compliance with GDPR requirements. This section is general and introductory in nature and is not intended to provide, and should not be relied on as, a source of legal advice.

About the GDPR

On 25 May 2018, the General Data Protection Regulation (Regulation (EU 2016/679) (‘GDPR’)) went into effect. The GDPR is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Territorial Scope of the GDPR

The GDPR applies to organizations that have a presence in the EU, notably entities that have an “establishment” in the EU.

Therefore, the GDPR applies to the processing of personal data by organizations established in the EU, regardless of whether the processing takes place in the EU or not. In relation to the extraterritorial scope, the GDPR applies to the processing activities of organizations that are not established in the EU, where processing activities are related to the offering of goods, or services to individuals in the EU.

Art. 19 GDPR – Notification obligation regarding rectification or erasure of personal data or restriction of processing

At each rectification or erasure, the controller must notify the subject of the data…

Read More
Art. 20 GDPR – Right to data portability

Article 20 establishes that the data subject has the right to directly transfer data from one controller to another…

Read More
Art. 21 GDPR – Right to object

Article 21 establishes a series of circumstances in which the data subject may object to the processing of their data, such as when there is a violation of article 6 (lawfulness)…

Read More
Art. 22 GDPR – Automated individual decision-making, including profiling

Article 22 states that the data subject must not be subject only to decisions made through 100% automated means (AI). It is only excepted when there is a contract between the data subject and the controller, when the subject expresses their consent or when legally authorized by the Union or State members…

Read More
Art. 23 GDPR – Restrictions

The Union and Member States are authorized to create restrictions, via legislative measures, with regard to data processing, when discussing certain points such as public interest and national defense…

Read More
Art. 24 GDPR – Responsibility of the controller

Article 24 determines general rules for the controller, in short, principles that the controller must have when processing data. The GDPR establishes in article 24 that the controller must implement adequate security means, that is, the controller must be able to prove that it has applied the minimum security measures when processing the data…

Read More