GDPR overview
Read this article for an overview of the GDPR. To learn how Genesys Cloud addresses the GDPR and what your organization needs to know about Genesys Cloud’s GDPR implementation, see Genesys Cloud and GDPR compliance.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union regulation. It articulates the rights of people about the protection of their personal data. It also defines the responsibilities of organizations that collect and process personal data. Generally, the GDPR applies to individuals in the European Union. It deals with the responsibilities for organizations directing business to those individuals. GDPR enforcement date: 25 May 2018.
The GDPR “protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.” These fundamental rights include the right to access their personal data, rectify their personal data, and delete their personal data stored by an organization.
Personal data under the GDPR
The GDPR defines personal data broadly. More specifically, the GDPR sets for the definition of personal data in Article 4, section 1:
“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;”.
GDPR rights
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
GDPR roles at Genesys
Genesys employees with roles related to GDPR:
- Chief Privacy Officer – William Dummett
- European Data Privacy Officer – Shahzad Muhammad Naveed Ahmad
- Genesys Cloud Sr. Director of Security & Compliance – Eric Cohen CISSP, CIPM, CIPP/E
GDPR education
The General Data Protection Regulation (GDPR) is an important change in data privacy regulation. Genesys Genesys Cloud invested a significant amount of time in GDPR training for the Security and Compliance team. Training and certification from The International Association of Privacy Professionals (IAPP) began in early 2017.
Genesys Cloud GDPR project
Genesys Cloud commissioned a GDPR project to:
- Complete an updated data inventory and determine every location in which Genesys Cloud stores/processes/transmits PII
- Design and implement an API for our customers to implement their customers’ requests to exercise their fundamental data subject rights
- Complete a Data Protection Impact Assessment
To learn how Genesys Cloud is addressing the GDPR and what your organization needs to know about Genesys Cloud’s GDPR implementation, see Genesys Cloud and GDPR compliance.