General Data Protection Regulation (GDPR)


What is GDPR

Overview

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe. The GDPR is intended to protect and empower all EU citizens when it comes to data privacy and to reshape the way organizations across the region manage data.

Basic GDPR terms

Data Subject: Any information that enables a person/entity (aka: the data subject) to be identified such as by a name, identification number, location data, or an online identifier. This can also reference one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the data subject. This refers to Netcore’s customer’s clients.

Controller: The natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data. This refers to Netcore’s customers.

Processor: Any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure or destruction at the direction of a Controller. This refers to Netcore.

Rights of the Data Subject

Netcore (as a Processor) enables its customers (the Controllers) to comply with their user’s (Data Subject) requests to exercise the Rights of the Data Subject under Article (12 – 23) of the General Data Protection Regulation (GDPR).

Right of access by the data subject

The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not their personal data is being processed.

The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs.

What it means with respect to Netcore

Netcore will facilitate the export of the Data Subject’s information, at the request of a Controller, including:

  • Any user identifiers
  • Attributes
  • Activity for that user

Right to rectification

The Data Subject shall have the right to update or correct, without undue delay, inaccurate personal data concerning their information maintained by the Controller. If the Controller has disclosed the personal data in question to third parties, they must inform the data subjects of the rectification wherever possible.

What it means with respect to Netcore

Controllers are provided with a facility to modify or update user profile data as necessary.

Right to erasure (‘right to be forgotten’)

The Data Subject shall have the right to obtain, from the Controller, the deletion of personal data concerning them.

What it means with respect to Netcore

Controllers are provided with a facility to delete user profile data as necessary.

Right to restriction of processing

The Data Subject shall have the right to obtain, from the Controller, restriction of processing due to the inaccuracy of personal data, the processing is unlawful, or the Controller no longer needs the personal data for the purposes of the processing.
A Data Subject who has obtained a restriction on data processing shall be informed by the Controller before the restriction on processing is lifted.

What it means with respect to Netcore

Facility to restrict processing user data.

Right of data portability

The data subject shall have the right to receive the personal data concerning him or her for any purposes with various services. It should be in a structured, commonly used and machine-readable format. The data subject have the right to transmit the data to another controller without hindrance from the controller to which the personal data have been provided.

What it means with respect to Netcore

Controllers are provided with a facility to restrict data processing as necessary.

Right of data portability

The Data Subject shall have the right to receive a copy of their personal data collected by the Controller. It should be in a structured, commonly used and machine-readable format. The Data Subject has the right to transmit that data to another Controller without hindrance from the original Controller.

What it means with respect to Netcore

Controllers are provided with a facility to export data as necessary.

Right to object

There are three basic rights that can be used with regard to objecting to the processing of personal data under GDPR:

  1. Processing for direct marketing purposes
  2. Processing for scientific, historical research, or statistical purposes
  3. Processing based on two specific purposes:
    1. related to processing for specific purposes
    1. or which is justified on a particular basis.

There is no right for an individual to object to processing in general.

What it means with respect to Netcore

Controllers are provided with a facility to restrict user data when there is an objection to processing.

Thus, Netcore will help customers to comply GDPR rules with upcoming API, JS SDK, App SDK releases.

👍 For any queries, please contact gdpr@netcorecloud.com

For the relevant APIs, visit API Reference section of the Help CentreFor the official GDPR updates, please visit [here](https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en)