General Data Protection Regulation (GDPR)
What is the GDPR?
The GDPR is a new, comprehensive data protection law in the European Union (EU) that updates existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.
Additional information about the GDPR is available on the official GDPR website of the EU.
What CaterTrax is Doing
Like many technology providers, CaterTrax has completed the steps required for these regulations and their enforcement. The GDPR mandate protects CaterTrax, its customer data, and individual user data. We have added the Fair Processing Notice to the copyright of all CaterTrax sites, and have a process in place to receive GDPR complaints, which you can find below on this page.
Frequently Asked Questions
The GDPR regulates the “processing” of personal data about EU individuals, which includes the collection, storage, transfer, or use of that data. Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
Learn about the Fair Processing Notice for the CaterTrax application here: https://catertrax.com/intellectual-property/
The GDPR provides more privacy rights to EU individuals and places significant obligations on organizations. Some of the key changes are:
- Expanded rights for EU individuals: The GDPR provides expanded rights for EU individuals such as deletion, restriction, and portability of personal data.
- Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities, and enter into written agreements with vendors.
- Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
- New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
- Binding Corporate Rules (BCRs): The GDPR officially recognizes BCRs as a means for organizations to legalize transfers of personal data outside the EU.
- Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred.
- One-stop shop: The GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
No, the GDPR does not require personal EU data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU.
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information which, collected together, can lead to the identification of a particular person also constitute personal data.
For information on the Consent Withdrawal process and the Access Request process, please refer to this CaterTrax Compliance Processes document.
Submit a Request
Please select one or more of the options below and our team will follow up appropriately. Right of Access means citizens can access their personal information by requesting it via the form. Right of Erasure is a citizen's request for all personal data to be released to them. Data Portability is a request to transfer personal data from one electronic system to another.