What is the General Data Protection Regulation (GDPR)? How is it achieved in Garage Management Software?

The General Data Protection Regulation (GDPR) is a set of regulations that went into effect in the European Union (EU) in May 2018. It aims to give individuals more control over their personal data and how it is used, and to create a uniform data protection framework across the EU.

The GDPR applies to any company that processes the personal data of EU citizens, regardless of where the company is based. This means that even if a company is based outside of the EU, it must still comply with the GDPR if it processes the personal data of EU citizens.

There are several key provisions of the GDPR that businesses should be aware of:

Right to access: Under the GDPR, individuals can access their data and request a copy of it.

Right to be forgotten: Individuals have the right to have their data erased in certain circumstances, such as when it is no longer needed for the purposes for which it was collected.

Data portability: Individuals have the right to receive their data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.

Data protection by design and default: The GDPR requires businesses to implement appropriate technical and organizational measures to ensure that personal data is processed in a secure and privacy-friendly manner.

Notification of data breaches: The GDPR requires businesses to report certain data breaches to the relevant authorities within 72 hours.

Legitimate interest: The GDPR allows companies to process personal data for their legitimate interests, provided that the interests or fundamental rights and freedoms of the individuals concerned do not override those interests.

Consent: The GDPR requires companies to obtain explicit consent from individuals before processing their personal data in certain circumstances. This consent must be freely given, specific, informed, and unambiguous.

Data protection officer (DPO): The GDPR requires companies to appoint a DPO if they carry out large-scale processing of special categories of data (such as data related to health or genetics) or if they carry out large-scale monitoring of individuals (such as through the use of cookies).

International data transfers: The GDPR imposes restrictions on the transfer of personal data outside of the EU. Companies must ensure that appropriate safeguards are in place when transferring data to countries outside of the EU that do not provide adequate protection.

Data protection impact assessment (DPIA): The GDPR requires companies to conduct a DPIA when introducing new processing activities that are likely to result in a high risk to the rights and freedoms of individuals. The DPIA must identify and assess the potential risks to individuals and describe the measures that will be taken to mitigate those risks.

Children’s data: The GDPR sets out specific provisions for the protection of children’s personal data. Companies must obtain the consent of a parent or guardian before collecting and processing the personal data of children under the age of 16.

Data protection authorities (DPAs): The GDPR establishes DPAs in each EU member state to ensure compliance with the regulation and address individual complaints. DPAs have the power to impose fines and other sanctions on companies that fail to comply with the GDPR.

One-stop-shop mechanism: The GDPR’s one-stop-shop mechanism allows companies to deal with a single DPA in the EU member state where they have their main establishment. This helps to streamline the process of complying with the GDPR and reduces the burden on companies.

Cooperation and consistency: The GDPR requires DPAs to cooperate and provide mutual assistance to each other in order to ensure consistent application of the regulation across the EU.

Supervisory authority: The GDPR establishes a supervisory authority in each EU member state to oversee the activities of the DPAs and ensure consistent application of the regulation. The supervisory authority has the power to resolve disputes between DPAs and to coordinate investigations and enforcement actions.

How GetAFix is committed to protecting personal data and the salient features of its GDPR compliance

As a cloud-based garage management software, GetAFix is committed to protecting the personal data of our users and complying with the GDPR. Here are some of the key features that we have adopted to ensure compliance with the GDPR:

Right to access: GetAFix allows users to access their personal data and request a copy of it at any time.

Right to be forgotten: GetAFix allows users to have their personal data erased in certain circumstances, such as when it is no longer needed for the purposes for which it was collected.

Data portability: GetAFix allows users to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Data protection by design and default: GetAFix has implemented appropriate technical and organizational measures to ensure that personal data is processed in a secure and privacy-friendly manner.

Notification of data breaches: GetAFix has a process in place to report certain data breaches to the relevant authorities within 72 hours.

Children’s data: GetAFix complies with the GDPR’s provisions on the protection of children’s personal data by obtaining the consent of a parent or guardian before collecting and processing the personal data of children under the age of 16.

Data protection authorities (DPAs): GetAFix cooperates with DPAs in order to ensure compliance with the GDPR and to address any complaints from individuals.

One-stop-shop mechanism: GetAFix uses the GDPR’s one-stop-shop mechanism to deal with a single DPA in the EU member state where we have our main establishment. This streamlines the process of complying with the GDPR and reduces the burden on our company.

Cooperation and consistency: GetAFix works with DPAs to provide mutual assistance and ensure consistent application of the GDPR across the EU.

Supervisory authority: GetAFix is subject to the oversight of a supervisory authority in each EU member state, which has the power to resolve disputes between DPAs and coordinate investigations and enforcement actions.

GetAFix is committed to protecting the personal data of our users and complying with the GDPR. By adopting these key features, we are able to provide a secure and privacy-friendly service to our customers.

 
