The General Data Protection Regulation (GDPR) is the world's most stringent privacy and security regulation. Despite the fact that it was designed and enacted by the European Union (EU), it puts duties on enterprises everywhere that target or collects data about people in the EU. On May 25, 2018, the regulation went into force. The GDPR will impose heavy fines on those that break its privacy and security regulations, with penalties ranging from tens of millions of euros to millions of dollars.

Simply put, it demands businesses to be open with their customers about what data they collect and keep about them, how they utilize that data, and how they achieve their goals. It also gives anyone whose data has been gathered the right to object to the storage or processing of personal data, as well as the right to get a copy of the data or have it erased.

Personal information collection under GDPR

Almost every online service requires the collection and storage of personally identifiable information. This information may include your name, email address, phone number, and credit/debit card number. The concept of personal data has been broadened such that IP addresses can now be considered personal data.

GDPR compliance within and beyond the EU guarantees that personal data is collected lawfully, that data owners' rights are respected, and that data is not exploited.

GDPR for Business

GDPR applies to firms operating both within and outside of the EU that provide goods or services to customers or businesses. Businesses that fail to safeguard gathered user data risk sanctions. GDPR compliance is required to be achieved by all firms by the 25th of May 2018.

Data controller Vs Data Processor

To put it simply, a data controller is a person, authority, institution, or entity who, alone or collectively, defines the purpose of obtaining and processing data. A data processor, on the other hand, is a person, authority, organisation, or organisation that processes acquired data on the controller's behalf. KaptureCRM assures that all data gathered comes directly from the user and a third-party website that has been linked with us.

See how we take care of your data

The declaration of responsibility, often known as a non-disclosure/confidentiality agreement, relates to data protection, the privacy of all shared data, trade secrets, and the privacy of social security data. Furthermore, workers' confidentiality agreements and external service providers' confidentiality agreements would be differentiated.

Non-compliant penalties

For violating the GDPR, you might face a punishment of up to 4% of your annual global revenue, or € 20 million. This is the highest penalty that may be assessed for major infractions, such as failing to get enough client permission to process data. However, there is a two-tiered approach to fines.

Individual rights under GDPR

The General Data Protection Regulation (GDPR) seeks to empower people and give them control over their data.

Right to be informed

EU customers should be informed about how their data will be used by the particular company.

Right of access

It allows data subjects to confirm what data you have compared to the data you say you have.

Right to rectification

It is the EU customer's right to change or modify any wrong or outdated information of an individual customer.

Right to erasure

EU customers can demand deletion of data with a company anytime they want.

Right to restrict processing

It is the right to request the restriction of processing under certain conditions and company have to temporarily stop the process.

Right to data portability

EU customers have the right to take a copy of their data and use it for their own benefit.

Right to object

EU customers can restrict the company from using their data anytime they wish to.

Rights in relation to automated decision making and profiling.

EU customers shall have the right not to be subject to a decision based solely on automated processing.

Encryption used to secure your data

All communications with KaptureCRM UI and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This makes sure that all traffic between you and KaptureCRM is safe during the transit. Additionally for email, our product leverages opportunistic TLS by default. Transport Layer Security (TLS) encrypts and provides email securely, mitigating eavesdropping between mail servers where peer services support this protocol. Exceptions for encryption may include any use of in-product SMS functionality, any other third-party app, integration, or service subscribers may choose to leverage at their own discretion.

Why you should make GDPR compliant software part of your system?

Data security is a common concern of every individual. You should take steps that ensure that customers are confident enough to share their personal data with you.

GDPR compliance is required if you are in the EU or have customers in the EU. Because the GDPR elevates the level of professionalism with which data is handled.

The internet has altered our way of life and work. We use the internet to search for anything, consume news and entertainment, communicate personal thoughts and messages, and perhaps buy anything under the sun. Many corporations gather our data, keep it, utilise it, and even exchange it in ways over which we have no control. This information is frequently lost or abused. GDPR requires enterprises to maintain a minimal level of security to guarantee that the data they keep on individuals is always kept and handled securely, minimising the risk of it being lost or misused.