GDPR Compliance


The General Data Protection Regulation (GDPR) proposed by the European Union applies to all kinds of Personally Identifiable Information (PII) acquired from the public web. If your web application intends to collect data from the web about citizens residing in the European Economic Area (EEA), you need to design it with GDPR compliance in mind.

If you are working with Info Science Labs Corp on a co-operative web application or an integrated project then we can work with you on legal terms to help you achieve GDPR compliance for your individual project. The task of ensuring that the collected Personally Identifiable Information (PII) is GDPR compliant completely rests with you. For projects where collection of PII is not a primary task, we can provide you with tools that will help you sort any accidental collection of PII that might subject you to GDPR.

What is GDPR?

The EU’s (European Union) GDPR explicitly outlines certain requirements that organizations or concerned individuals must adhere to for the collection, processing and transfer of PII (Personally Identifiable Information) about EEA (European Economic Area) residents.

Key concept

GDPR underlines some key concepts or situations under which information available on the web that can identify a person can be processed or stored.

If you consider that you have a legitimate interest in collecting data over the web, the GDPR provides certain examples to help clarify what constitutes legitimate interests. Your interests, including all marketing interests, should fit the categories provided by the GDPR, and your collection of PII is still required to have minimal impact on the privacy of the data subjects.

What counts as PII?

In the GDPR documentation, PII or Personally Identifiable Information is broadly defined as “any information relating to an identified or identifiable person”. This definition covers generic personal information including name, residential address, contact number, identification numbers on different documents of proof, etc. In addition to these general items, PII also includes information that may help in uniquely identifying a person, including physical attributes, likenesses, etc. If such indirectly identifying PII is collected from the web in bulk and anonymously, such that it cannot be traced back to a single person, then GDPR may not apply in that specific operational condition. However, if a number of such collected attributes can be connected in a way that traces back to an identifiable person, then GDPR would apply to the data processing.

How to know whether GDPR applies to you

It is relatively simple to understand whether GDPR applies to you or not. If your data collection project matches all or some of the following points, then GDPR applies to you.

Some instances

Not-affected by GDPR

Affected by GDPR

Data processors and data controllers

In the context of your own web-data collection project, you are the sole Data Processor and Data Controller. You are storing and processing the data collected from the web through Info Science Labs Corporation’s services, which makes you the Data Processor. At the same time, you are also instructing Info Science Labs Corporation to collect such information on your behalf, making you the Data Controller as well. Info Science Labs Corporation is only a Data Processor, as we only collect information and data when instructed to do so by our clients.

If you have any queries regarding this GDPR notice, please feel free to reach out to us. We’ll be happy to attend to your issue.

Last updated on: 27 January, 2021