1. What is GDPR?
GDPR is a privacy and data protection law that regulates how the data of European Union residents is protected by companies and enhances the control EU residents have over their data shared on any platform.
The GDPR is relevant to any globally operating company that may be accessible to European businesses or citizens of the EU, either directly or indirectly. The customers’ data shared on our platform is important irrespective of where the customer is based, which is why, as a responsible platform, we have implemented GDPR controls as our baseline standard for all our operations across the globe.
2. Does the GDPR apply to me?
While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider, as it will also apply to non-EU businesses who: a) market their products to people in the EU, or b) monitor the behaviour of people in the EU. In other words, even if you’re based outside the EU but you control or process the data of EU citizens, the GDPR will apply to you.
In keeping with our ongoing commitment to privacy and security, MODENX is dedicated to making it easier for you to comply with the GDPR.
3. What are the main responsibilities under GDPR?
GDPR requires that personal data be:
- Processed lawfully, fairly, and in a transparent manner.
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary for achieving those purposes.
- Accurate and kept up to date.
- Stored no longer than necessary to achieve the purposes for which it was collected.
- Properly secured against accidental loss, destruction, or damage.
Further, GDPR places additional obligations on companies to document their processing activities and be able to demonstrate their compliance with the above principles.
It also codifies the requirement for companies to apply data protection by design and by default when developing and designing processes, products, and systems.
In addition, if a company uses service providers to process personal data on its behalf, it will need to ensure that it has an appropriate contract in place that obligates the service providers to apply GDPR’s data processing standards.
Similarly, if a company is transferring EU personal data outside the EU, it may do so only if the data is being transferred to a country deemed by the EU Commission to have adequate data processing regulations.
For transfers to countries not deemed adequate, it must ensure appropriate alternative safeguards are in place.
Currently, under the Directive, approved transfer safeguards include the EU-US Privacy Shield and standard contractual clauses.