GDPR stands for General Data Protection Regulation. It is a piece of European data protection legislation and regulation implemented by the European Union (EU) to protect the privacy and personal data of individuals within the EU. The GDPR was adopted in April 2016 and became enforceable on May 25, 2018.
The main objective of the GDPR is to provide individuals with greater control over their personal data and to establish a harmonized framework for data protection across all EU member states. It applies to any organization, regardless of its location, that processes the personal data of individuals within the EU.
Key principles and provisions of the GDPR include:
Consent: Data controllers must obtain clear and explicit consent from individuals before processing their personal data. Consent should be freely given, specific, informed, and unambiguous.
Awareness: You should make sure that decision-makers and key people in your organization are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
Data subject rights: The GDPR grants individuals various rights, such as the right to access their personal data, the right to rectify inaccurate data, the right to erasure (also known as the “right to be forgotten”), the right to data portability, and the right to object to processing.
Communicating privacy information: You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
Data breach notification: Organizations must notify the relevant supervisory authority without undue delay (within 72 hours) in the event of a data breach that poses a risk to individuals’ rights and freedoms.
Children: You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
Data protection officer (DPO): Some organizations are required to appoint a Data Protection Officer who is responsible for overseeing data protection activities and ensuring compliance with the GDPR.
Information you hold: You should document what personal data you hold, where it came from, and who you share it with. You may need to organize an information audit.
Accountability and transparency: Organizations must be able to demonstrate their compliance with the GDPR through documentation, policies, and procedures. They are also required to provide clear and transparent information to individuals about how their data is being processed.
Cross-border data transfers: The GDPR imposes restrictions on transferring personal data outside the EU to countries that do not ensure an adequate level of data protection. It provides several mechanisms for legitimizing such transfers, such as the use of standard contractual clauses or binding corporate rules.
How Does This Affect You?
When you use our service, we store your personal data on our servers. Doing so allows us to operate our website, issue you documentation for your journey and ensure your travel runs smoothly.
This classes us, Airport Collections.net, as a ‘data controller’ and a ‘data processor’, as a customer or passenger of Airport Collections.net is a ‘data subject’, although you may also be acting as a ‘data controller’ especially if you are booking on behalf of someone else.
As a data controller, you may need to take steps yourself in order to comply with GDPR requirements.
Non-compliance with the GDPR can result in significant fines, which can be up to 4% of the global annual revenue of the organization or €20 million, whichever is higher.
It’s important to note that while the GDPR is an EU regulation, its impact extends beyond the EU, as it applies to organizations outside the EU that process the personal data of individuals within the EU. Many countries around the world have also adopted similar data protection laws inspired by the GDPR to enhance privacy rights for their citizens.
What We Are Doing to Comply With GDPR?
Dublin Airport Collection takes data security very seriously. We take a number of steps to protect your data, including:
- Forces an “HTTPS” connection to our web server.
- Run regular security scans on our network.
- Scan all computers regularly with heavy virus protection software.
- Keep an inventory of all personal data we store and ensure we only collect the data necessary to perform our services.
- Maintain a “data flow map” which lists where we store data, including any third parties involved.
- Regularly review our data protection policy and ensure appropriate training for employees.
- Train employees on “data breach protocols” to ensure everyone knows what to do in the unlikely event of a data breach.
Dublin Airport Collection is committed to being fully compliant with this regulation.
If you have any questions please use our Contact Us page alternatively you can download a PDF copy of the General Data Protection Regulation here.