Global Data Protection Agency
  • HOME
  • CONTACT US

PENALTY PROVISIONS: Administrative Fines (Article 76)

Article 76: Any of the following persons and a person who made a third party commit an act falling under subparagraphs 7 through 11, shall be punished by an administrative fine not exceeding 30 million won...

eBOOK ● PIPC-C10 ● KNOWLEDGE BANK 

July 24, 2019

PENALTY PROVISIONS: Confiscation and Additional Collection (Article 75-2)

Article 75-2: Money and goods, or other profits received by a person committing any offence referred to in Article 71 (1) 1 through 8, Article 72 (1) 2...

eBOOK ● PIPC-C10 ● KNOWLEDGE BANK 

July 24, 2019

PENALTY PROVISIONS: Joint Penalty Provisions (Article 75)

Article 75: If a representative of a corporation, or an agent, an employee, or other servant of the corporation commits a violation under Articles 71 through 73 or 74...

eBOOK ● PIPC-C10 ● KNOWLEDGE BANK 

July 24, 2019

PENALTY PROVISIONS: Penalty Provisions (Article 74)

Article 74: Any of the following persons shall be punished by imprisonment with labor for up to one year or by a fine not exceeding 10 million won...

eBOOK ● PIPC-C10 ● KNOWLEDGE BANK 

July 24, 2019

PENALTY PROVISIONS: Penalty Provisions (Article 73)

Article 73: Any of the following persons shall be punished by imprisonment with labor for not more than two years or by a fine not exceeding 20 million won...

eBOOK ● PIPC-C10 ● KNOWLEDGE BANK 

July 24, 2019

PENALTY PROVISIONS: Penalty Provisions (Article 72)

Article 72: A person falling under any of the following subparagraphs shall be punished by imprisonment with labor for up to three years or by a fine not exceeding 30 million won:....

eBOOK ● PIPC-C10 ● KNOWLEDGE BANK 

July 24, 2019

PENALTY PROVISIONS: Penalty Provisions (Article 71)

Article 70-2: A person who conveys or spread a malicious program in violation of Article 48 (2) shall be punished by imprisonment with labor of up to seven years or by fine not exceeding 70 million won....

eBOOK ● PIPC-C10 ● KNOWLEDGE BANK 

July 24, 2019

PENALTY PROVISIONS: Penalty Provisions (Article 70-2)

Article 70-2: A person who conveys or spread a malicious program in violation of Article 48 (2) shall be punished by imprisonment with labor of up to seven years or by fine not exceeding 70 million won....

eBOOK ● PIPC-C10 ● KNOWLEDGE BANK 

July 24, 2019

PENALTY PROVISIONS: Penalty Provisions (Article 70)

Article 70: A person who commits defamation of another person by disclosing a fact to the public through an information...

eBOOK ● PIPC-C10 ● KNOWLEDGE BANK 

July 24, 2019

SUPPLEMENTARY PROVISIONS: Accusation

Article 69-2: In cases where an act falling under any subparagraph of Article 64-3 (1) is deemed existing...

eBOOK ● PIPC-C9 ● KNOWLEDGE BANK 

July 24, 2019

SUPPLEMENTARY PROVISIONS: Legal Fiction as Public Official in Application of Penalty Provisions

Article 69: Executives and employees of the National Information Society Agency and the Internet and Security Agency...

eBOOK ● PIPC-C9 ● KNOWLEDGE BANK 

July 24, 2019

SUPPLEMENTARY PROVISIONS: Application Mutatis Mutandis to Broadcasting Business Operator

Article 67: Chapter 4 shall apply mutatis mutandis to the cases where a person falling under subparagraph 3 (a) through (e) of Article 2, subparagraph 6, 9, 12 and 14 of the Broadcasting Act...

eBOOK ● PIPC-C9 ● KNOWLEDGE BANK 

July 24, 2019

SUPPLEMENTARY PROVISIONS: Confidentiality. etc.

Article 66: A person who engages or engaged in a job related to any of the following business affairs shall not divulge to another person any secret that he/she has learned while performing his/her duties...

eBOOK ● PIPC-C9 ● KNOWLEDGE BANK 

July 24, 2019

SUPPLEMENTARY PROVISIONS: Delegation and Entrustment of Authority

Article 65: The Minister of Science, ICT and Future Planning or the Korea Communications Commission may delegate or entrust part of his/her authority under this Act...

eBOOK ● PIPC-C9 ● KNOWLEDGE BANK 

July 24, 2019

SUPPLEMENTARY PROVISIONS: Hearing

Article 64-4: The Minister of Science, ICT and Future Planning or the Korea Communications Commission shall hold a hearing in cases falling under any of the following subparagraphs...

eBOOK ● PIPC-C9 ● KNOWLEDGE BANK 

July 24, 2019

SUPPLEMENTARY PROVISIONS: Imposition, etc. of Penalty Surcharges

Article 64-3: The Korea Communications Commission may impose, on a provider of information and communications services or similar...

eBOOK ● PIPC-C9 ● KNOWLEDGE BANK 

July 24, 2019

SUPPLEMENTARY PROVISIONS: Protection and Destruction of Data, etc.

Article 64-2: The Minister of Science, ICT and Future Planning or the Korea Communications Commission shall not...

eBOOK ● PIPC-C9 ● KNOWLEDGE BANK 

July 24, 2019

SUPPLEMENTARY PROVISIONS: Submission of Data

Article 64: The Minister of Science, ICT and Future Planning or the Korea Communications Commission may require a provider of information...

eBOOK ● PIPC-C9 ● KNOWLEDGE BANK 

July 24, 2019

INTERNATIONAL COOPERATION: Protection of Personal Information Transferred Abroad

Article 63: Any provider of information and communications services or similar shall not conclude an international contract with any term or condition in violation of this Act with respect to personal information of users...

eBOOK ● PIPC-C8 ● KNOWLEDGE BANK 

July 24, 2019

INTERNATIONAL COOPERATION: International Cooperation

Article 62: The Government shall maintain cooperate reciprocally with other nations or international organizations in carrying out the following affairs...

eBOOK ● PIPC-C8 ● KNOWLEDGE BANK 

July 24, 2019

TELECOMMUNICATIONS BILLING SERVICES: Restriction on Use of Telecommunications Billing Services

Article 61: The Minister of Science, ICT and Future Planning may order a provider of telecommunications billing services to deny, suspend...

eBOOK ● PIPC-C7 ● KNOWLEDGE BANK 

July 24, 2019

TELECOMMUNICATIONS BILLING SERVICES: Liability for Damages

Article 60: A provider of telecommunications billing services shall be liable for damages caused to a user of the telecommunications billing services while rendering the services...

eBOOK ● PIPC-C7 ● KNOWLEDGE BANK 

July 24, 2019

TELECOMMUNICATIONS BILLING SERVICES: Dispute Resolution

Article 59: Every provider of telecommunications billing services may install and operate an institution or organization that voluntary resolves disputes to protect rights and interests of users...

eBOOK ● PIPC-C7 ● KNOWLEDGE BANK 

July 24, 2019

TELECOMMUNICATIONS BILLING SERVICES: Rights of Providers of Telecommunications Billing Services

Article 58: When the price for goods, etc. sold or provided must be paid, or a provider of telecommunications billing services charges the price therefor...

eBOOK ● PIPC-C7 ● KNOWLEDGE BANK 

July 24, 2019

TELECOMMUNICATIONS BILLING SERVICES: Securing Safety in Telecommunications Billing Services

Article 57: Every provider of telecommunications billing services shall perform his/her duty to pay attention as a good manager so that telecommunications billing services may be provided in a safe manner...

eBOOK ● PIPC-C7 ● KNOWLEDGE BANK 

July 24, 2019

TELECOMMUNICATIONS BILLING SERVICES: Reporting on Standard Contract Form

Article 56: Every provider of telecommunications billing services shall prepare a standard contract form on telecommunications billing services and report it to the Minister of Science...

eBOOK ● PIPC-C7 ● KNOWLEDGE BANK 

July 24, 2019

TELECOMMUNICATIONS BILLING SERVICES: Order to Revoke Registration

Article 55: Where a provider of telecommunications billing services makes a registration by fraud or other improper means, the Minister of Science, ICT and Future Planning shall revoke the registration...

eBOOK ● PIPC-C7 ● KNOWLEDGE BANK 

July 24, 2019

TELECOMMUNICATIONS BILLING SERVICES: Disqualification from Registration

Article 54: A person falling under any of the following subparagraphs shall be disqualified for the registration under Article 53:...

eBOOK ● PIPC-C7 ● KNOWLEDGE BANK 

July 24, 2019

TELECOMMUNICATIONS BILLING SERVICES: Registration, etc. of Provider of Telecommunications Billing Services

Article 53: The Government shall establish the Korea Internet and Security Agency...

eBOOK ● PIPC-C7 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Korea Internet and Security Agency

Article 52: The Government shall establish the Korea Internet and Security Agency...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Restriction, etc. on Outflow of Important Information to Abroad

Article 51: The Government may have providers or users of information and communications services to take necessary measures...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Prohibition on Transmission of Advertising Information for Unlawful Act

Article 50-8: No one shall transmit any advertising information for goods or services prohibited by this Act or any other Act through an information and communications network....

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Restrictions on Posting of Advertising Information for Profit

Article 50-7: Where any person intends to post advertising information for profit on an Internet website, he/she shall obtain prior consent from the operator or the manager of an Internet website...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Distribution of Software Designed to Block Transmission of Advertising Information for Profit

Article 50-6: The Korea Communications Commission may develop and distribute software or computer programs designed for addressees to conveniently block...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Installation of Advertising Program for Profit

Article 50-5: A provider of information and communications services shall, when it intends to install a program designed to display advertising information...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Commissioned Transmission of Advertising Information for Profit

Article 50-4: A provider of information and communications services may take measures to refuse rendering corresponding services in any of the following cases...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Commissioned Transmission of Advertising Information for Profit

Article 50-3: A person who has commissioned a third party to transmit advertising information for profit on his/her behalf shall control and oversee the person...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Restrictions on Transmission of Advertising Information for Profit

Article 50: If any person intends to transmit advertising information for profit by using an electronic transmission medium...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Prohibition on Collection, etc. of Personal Information by Acts of Deceit

Article 49-2: No one shall collect another person's information through an information and communications network by an act of deceit, nor shall entice another person by an act of deceit to furnish information...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Protection of Secrets, etc.

Article 49: No one shall mutilate another person's information processed, stored, or transmitted through an information and communications network, nor shall infringe, misappropriate, or divulge another person's secret...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Analysis, etc. of Cause of Intrusion Cases

Article 48-4: A person who operates an information and communications network, including a provider of information and communications services...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Report, etc. on Intrusion Cases

Article 48-3: A person falling under any of the following subparagraphs shall, where he/she discovers an intrusion, immediately report it to the Minister of Science...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Countermeasures, etc. against Intrusion Cases

Article 48-2: The Minister of Science, ICT and Future Planning shall perform the following business affairs to take proper countermeasures against intrusion...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Prohibition on Intrusive Acts, etc. on Information and Communications Network

Article 48: No one shall intrude on an information and communications network without a rightful authority for access or beyond a permitted authority for access...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Management Rating for Information Protection

Article 47-5: A person who has obtained the certification for information security management system pursuant to Article 47 is entitled to receive the management rating...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Protection of User Information

Article 47-4: The Government may prescribe guidelines necessary for protection of information of users to recommend users to observe the guidelines...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Certification of Personal Information Management System

Article 47-3: With respect to a person who established and is operating a comprehensive management system including administrative...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Revocation of Designation of Certification Body of and Examination Institution for Information Security Management Systems

Article 47-2: If a legal entity or organization designated as a certification body for information security management system or an examination institution for information security management...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Certification of Information Security Management System

Article 47: With respect to the person who has established and operates a comprehensive management system...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Emergency Countermeasures of Business Operators of Clustered Information and Communications Facilities

Article 46-2: A business operator of clustered information and communications facilities may...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Protection of Clustered Information and Communications Facilities

Article 46: Every business operator who operates and manages clustered information and communications facilities to render information and communications services...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Designation, etc. of Chief Information Protection Officers

Article 45-3: A provider of information and communications services may designate a chief information protection officer at a level of an executive officer for security...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Preliminary Examination on Information Protection

Article 45-2: A provider of information and communications services shall, if he/she intends to newly establish an information and communications network or to provide information and communications services...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK: Securing of Stability of Information and Communications Network

Article 45: Every provider of information and communications services shall take protective measures to secure the reliability of the information and security of the information and communications networks...

eBOOK ● PIPC-C6 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Defamation Dispute Conciliation Division

Article 44-10: The Communications Standards Commission shall have the defamation dispute conciliation division comprised of five members or less for efficient conciliation...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Prohibition on Circulation of Unlawful Information

Article 44-7: No one may circulate information falling under any of the following subparagraphs through an information and communications network...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Claim to Furnish User’s Information

Article 44-6: A person who alleges that information published or circulated by a specific user has intruded on his/her privacy...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Identity Verification of Users of Message Boards

Article 44-5: Any of the following persons shall, if he/she intends to install and operate a message board, take necessary measures...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Self Regulation

Article 44-4: An organization of providers of information and communications services may establish and implement a code of conduct...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Discretionary Temporary Measures

Article 44-3: A provider of information and communications services may, if it finds that information circulated through the information and communications network operated and managed by him/her intrudes on someone's privacy...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Request for Deletion of Information

Article 44-2: Where information provided through an information and communications network purposely to be made public intrudes on other persons' privacy...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Protection of Rights in Information and Communications Network

Article 44: No user may circulate any information violative of other person's rights, including invasion of privacy and defamation, through an information and communications network....

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Duty of Provider of Visual or Sound Information to Keep Information

Article 43: An information provider specified by Presidential Decree among those who engage in a business of providing unwholesome media for juvenile...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Prohibition on Advertisement of Unwholesome Media for Juvenile

Article 42-2: No one may transmit, to a juvenile under subparagraph 1 of Article 2 of the Juvenile Protection Act...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Designation of Person Responsible for Protection of Juvenile

Article 42-3: A provider of information and communications services whose the average number of users per day, sales, and other related factors...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Labeling of Media Unwholesome for Juvenile

Article 42: A person who provides information to the general public purposely to make it public through telecommunications services rendered by a telecommunications business operator...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS: Preparation of Policy on Protection of Juvenile

Article 41: The Korea Communications Commission shall prepare a policy on the following measures to protect juvenile from unwholesome information for juvenile...

eBOOK ● PIPC-C5 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Deletion and Blocking of Exposed Personal Information

Article 32-3: A provider, etc. of information and communications services shall ensure that users’ personal information such as resident registration numbers...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Claim for Statutory Damages

Article 32-2: Where a user falls under each of the following subparagraphs, he/she may claim resonable compensation not exceeding three million won as damages...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Compensation

Article 32: Where a user suffers any damage caused by a violation of any provision of this Chapter by a provider...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Rights of Legal Representative

Article 31: A provider of information and communications services or similar shall, if he/she desires to obtain consent of a child of less than 14 years on collection, use, furnishing...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Notification of Details of Use of Personal Information

Article 30-2: A provider of information and communications services or similar falling under the standards determined by Presidential Decree...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Rights of Users

Article 30: Every user may, at any time, revoke his/her consent given to a provider of information and communications services or similar to allow the provider to collect, use, or furnish his/her personal information...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Destruction of Personal Information

Article 29: A provider of information and communications services or similar shall, if any of the followings occurs...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Prohibition on Disclosure of Personal Information

Article 28-2: A person who manages or has ever manages personal information of users shall not damage...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Protective Measures for Personal Information

Article 28: Every provider of information and communications services or similar shall, when he/she manages personal information of users, take the following technical and administrative measures...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Notification/Reports on Leakage of Personal Information

Article 27-3: When a provider of information and communications services or similar becomes aware of the loss, theft, or leakage of personal information...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Public Disclosure of Policy on Managing Personal Information

Article 27-2: Every provider of information and communications services or similar shall, when he/she manages personal information of users...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Designation of Person Responsible for Management of Personal Information

Article 27: Every provider of information and communications services or similar shall designate a person responsible for protection of personal information so that he/she protects the personal information...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Method Applicable in Obtaining Consent

Article 26-2: The method applicable in obtaining the consent under Article 22 (1), the proviso to Article 23 (1), Article 24-2 (1) or (2), Article 25 (1), the proviso to Article 26 (3), or Article 63 (2)...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Transfer of Personal Information Following Transfer of Business

Article 26: Where a provider of information and communications services or similar transfers personal information of users to a third party due to transfer of business...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Entrustment of Management of Personal Information

Article 25: A provider of information and communications services or a person who received personal information of users from the provider of information...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Consent to Provision of Personal Information

Article 24-2: Every provider of information and communications services shall, whenever he/she intends to furnish a third party with personal information of a user...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Restriction on Use of Personal Information

Article 24: No provider of information and communications services may use personal information collected in accordance with Article 22...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Suspension of Identification Service and Cancelation of Designation of Identification Service Agency

Article 23-4: When the identification service agency falls under any of the following subparagraphs, the Korea Communications Commission...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Designation of Identification Service Agency, etc.

Article 23-3: The Korea Communications Commission may, after reviewing each item of the following subparagraphs...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Restriction on Use of Resident Registration Numbers

Article 23-2: Other than the cases falling under any of the following subparagraphs, a provider of information and communications services may not collect/use users’ resident registration numbers...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Restrictions on Collection of Personal Information

Article 23: No provider of information and communications services may collect personal information regarding any person...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Consent to Access Authority

Article 22-2: Where a provider of information and communications services needs authority to access...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROTECTION OF PERSONAL INFORMATION: Consent to Collection and Use of Personal Information

Article 22: A provider of information and communications services shall, whenever he/she intends to collect personal information of a user purposely to use it...

eBOOK ● PIPC-C4 ● KNOWLEDGE BANK 

July 24, 2019

PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK: Improvement of Quality of Internet Service

Article 15: The Minister of Science, ICT and Future Planning shall prepare and enforce a policy to protect rights and interests of users of internet service...

eBOOK ● PIPC-C2 ● KNOWLEDGE BANK 

July 24, 2019

PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK: Proliferation of Internet

Article 14: The Government shall induce public and private sectors to use internet facilities available in public and private sectors so that internet can be proliferated...

eBOOK ● PIPC-C2 ● KNOWLEDGE BANK 

July 24, 2019

PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK: Projects for Promoting Use of Information and Communications Networks

Article 13: The Minister of Science, ICT and Future Planning may implement projects designed to promote efficient use and dissemination of technology...

eBOOK ● PIPC-C2 ● KNOWLEDGE BANK 

July 24, 2019

PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK: Establishment of System for Sharing Information

Article 12: The Government may encourage to build up a system for sharing information through linked operation and standardization of information...

eBOOK ● PIPC-C2 ● KNOWLEDGE BANK 

July 24, 2019

PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK: Acceleration of Development of Applied Services for Information and Communications Networks

Article 11: The Government may provide financial and technical support, or otherwise as may be necessary...

eBOOK ● PIPC-C2 ● KNOWLEDGE BANK 

July 24, 2019

PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK: Support for Development of Content of Information

Article 10: With an aim of securing national competitiveness and enhancing the public interest, the Government may provide financial and technical support...

eBOOK ● PIPC-C2 ● KNOWLEDGE BANK 

July 24, 2019

PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK: Designation of Certifying Institutions

Article 9: The Minister of Science, ICT and Future Planning may designate an institution to certify products related to information and communications networks...

eBOOK ● PIPC-C2 ● KNOWLEDGE BANK 

July 24, 2019

PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK: Standardization and Certification of Information and Communications Networks

Article 8: The Minister of Science, ICT and Future Planning shall establish and provide a public notice the standards for information and communications networks in order to promote the use of information...

eBOOK ● PIPC-C2 ● KNOWLEDGE BANK 

July 24, 2019

PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK: Management and Dissemination of Technology-Related Information

Article 7: The Minister of Science, ICT and Future Planning shall manage, systematically and comprehensively...

eBOOK ● PIPC-C2 ● KNOWLEDGE BANK 

July 24, 2019

PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK: Development of Technology

Article 6: The Minister of Science, ICT and Future Planning may engage the relevant research institute, as prescribed by Presidential Decree...

eBOOK ● PIPC-C2 ● KNOWLEDGE BANK 

July 24, 2019

GENERAL PROVISIONS: Relationship to Other Acts

Article 5: Except as otherwise provided for in any other Act, the promotion of use of information and communications networks...

eBOOK ● PIPC-C1 ● KNOWLEDGE BANK 

July 24, 2019

GENERAL PROVISIONS: Preparation of Policy on Promotion of Utilization of Information and Communications Networks and Protection of Information

Article 4: The Minister of Science, ICT and Future Planning or the Korea Communications Commission shall prepare policies to lay a foundation for an information society through the promotion of utilization...

eBOOK ● PIPC-C1 ● KNOWLEDGE BANK 

July 24, 2019

GENERAL PROVISIONS: Responsibilities of Providers and Users of Information and Communications Services

Article 3: Every provider of information and communications services shall contribute to protection of rights and interests of users and enhancement of users...

eBOOK ● PIPC-C1 ● KNOWLEDGE BANK 

July 24, 2019

GENERAL PROVISIONS: Definitions

Article 2: The definitions of terms used in this Act shall be as follows...

eBOOK ● PIPC-C1 ● KNOWLEDGE BANK 

July 24, 2019

GENERAL PROVISIONS: Purpose

Article 1: The purpose of this Act is to contribute to improving citizens’ lives and enhancing public welfare by facilitating utilization of information and communications networks...

eBOOK ● PIPC-C1 ● KNOWLEDGE BANK 

July 24, 2019

APP COMPLIANCE ● GDPR COMPLIANCE

©2007-2022 GDPA

SHARE YOUR KNOWLEDGE

Submit your article
Article will be submitted and published after review.

You are not allowed to submit content, please register or sign in.

Q: Will my membership with GDPA reduce my Insurance premium?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Will I get fined for non-compliance?

Let’s not kid ourselves, the biggest threat to organisations from GDPR is running the risk of massive fines.

In saying that, GDPR law is not about handing our fines, it’s about putting the rights of the individual first.

Before a fine is handed out, a serious of sanctions take place.

Whilst it may not be financial to begin with, it will definitely place a massive dent in the reputation of the offending party. When you lose the trust with your audience and/or your staff, it’s pretty much game over.

One thing is for certain, there is no room for complacency, not matter where in the world you are.

 question sent in by Zachary.T from Singapore

Q: Why isn’t GDPR Registrar a free service?

As much as we would like to make it a free platform, it would be beyond our personal financial ability in doing so.

We researched extensively to find the fair price medium, one that will make it a value added incentive on your behalf and one that would maintain the costs in operating and evolving this site.

Bottom line is we have settled on a pricing model for the many and not for the few.

question sent in by Joyce.T from Ireland

Q: Why are your membership prices so low?

Knowledge has no price limit and yes we could quite easily charge more.

The reason we don’t is simple. This platform has been designed to offer the tools to the many and not the few. We believe our pricing structure is fair and affordable to everyone, without compromising on our objectives to our members and to our purpose of existence.

If you wish to shout our team a cup of coffee then we won’t say no. Simply spin the wheel below to see how many of our staff will enjoy your shout.

So you know, its €1 per shout.

[wof_wheel id=”2854″]
 question sent in by Mo Chou from China

Q: Who does GDPR apply to?

GDPR applies to anyone that applies, handles, processes, and/or monitors personal data of residents (full-time or temporary including foreign tourists) within the European Union, no matter where in the world this activity is conducted from.

Furthermore, it matters not whether you hold onto the data for 1 minute or 10 years.

 question sent in by Andrea.F from Australia

Q: Who do GDPR privacy protocols apply to?

GDPR protocols apply to all forms of relationships where in concerns European Union Residents (full-time or temporary including foreign tourists).

The types of relationship fall under 3 categories:

✍ B2B (business to business) where third party relationships are involved in the processing of personal data.

✍ B2C (business to consumer) where you are required to demonstrate responsibility towards personal data.

✍ B2E (business to employee) where the data you hold on current, past and prospective employees is managed within the boundaries of GDPR protocols.

 question sent in by John.K from Belgium

Q: Who can I email?

To clear the air and any confusion, you can email both B2B (Business to Business) and B2C (Business to Consumer) based on the following parameters:

 B2B (Business to Business) in 5 steps

  1. Make sure the business you are targeting is relevant to your email.
  2. Define your legitimate interest when emailing them.
  3. Allow them to unsubscribe easily and/or to opt-out of future emails.
  4. Keep your database clean and up to date.
  5. Make sure the business email is not a personal name, example:
    • wrong: john@businessname.com (unless you have prior consent)
    • wrong: mary@businessname.com (unless you have prior consent)
    • right: info@businessname.com
    • right: support@businessname.com
    • right: contact@businessname.com
    • right: enquiry@businessname.com
    • right: hr@businessname.com
    • right: marketing@businessname.com
    • right: ceo@businessname.com
    • etc…

 B2C (Business to Consumer) in 5 steps

  1. Don’t pressure or confuse individuals to grant you consent by making it a pre-requisite for signing up to your site and/or service. Keep it simple and let them decide.
  2. Adjust your lead generation and consent forms, permitting the users to opt-in freely, be specific, keep it simple, and easy to understand.
  3. When collecting data for multiple marketing channels (sms, postal mail, email…) give the user the option to pick which channels they wish to receive communications from you. Provide separate options for each channel.
  4. Be clear with your audience should the information you collect from them is likely to be shared with 3rd parties.
  5. Allow them to unsubscribe easily and/or to opt-out of future emails.
question sent in by Nicole.D from Greece

Q: What rights will individuals have under privacy laws such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: What responsibilities will companies have under the privacy laws such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: What personal information can I ask for?

As a data subject (that’s how you are referred to), GDPR presents you with 8 rights to which you can make a specific request and be assured that your personal data is not being misused for purposes other than the legitimate purpose for which it was originally provided by you to the entity.

A data subject is referred to as an individual:

♀ ♂ Candidate
♀ ♂ Client
♀ ♂ Commuter
♀ ♂ Consumer
♀ ♂ Contractor
♀ ♂ Creditor
♀ ♂ Customer
♀ ♂ Debtor
♀ ♂ Employee
♀ ♂ End User
♀ ♂ Guest
♀ ♂ Individual
♀ ♂ Job Applicant
♀ ♂ Patron
♀ ♂ Prospect
♀ ♂ Purchaser
♀ ♂ Representative
♀ ♂ Tenant
♀ ♂ Tourist
♀ ♂ Vacationer
♀ ♂ Vendor
♀ ♂ Visitor

A data subject has 8 legal rights of request, including:

1: Right to Object:  The right to object to the processing of ♀ or ♂ personal data.

2: Right to be Forgotten: The right to ask for the deletion of ♀ or ♂ data, also referred to as the “right to erasure”.

3: Right to Access: The right to get access to ♀ or ♂ personal data that is being processed.

4: Right to Withdraw Consent: The right to withdraw a previously given consent for processing of ♀ or ♂ personal data for a purpose.

5: Right to Object to Automated Processing: The right to object to a decision based on automated processing including Machine Learning and Artificial Intelligence of ♀ or ♂ personal data.

6: Right to Rectification: The right to ask for modifications to ♀ or ♂ personal data in case the data subject believes that this personal data is not up to date or accurate.

7: Right to Data Portability: The right to ask for the transfer of ♀ or ♂ personal data in a machine-readable electronic format.

8: Right to Information: The right to ask a company for information about what ♀ or ♂ personal data is being processed and the reasoning for such processing.

This right given to you by GDPR is referred to as DSAR (Data Subject Access Request).

A DSAR can be made by an individual or an individual’s appointed representative. Such requests are made in writing and mailed to the entities registered GDPR Postal address and/or via Email.

Important to note that the violating entity must have a registered address within the EU to receive GDPR mail (irrelevant if the request is sent by post or via email).

question sent in by Angela.S from Greece

Q: What is the process for me to demonstrate that I comply with privacy laws such as the GDPR and how do I notify all my suppliers, customers, employees and stakeholders that I am complaint ?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: What is pseudonymization?

It’s when digitally stored data (information entered via a computer, mobile device, laptop, etc…) is encrypted in such a way where it makes it impossible for unauthorized people to trace it back to an individual.

The 5 key methods used to achieve pseudonymization are:

♒ Encryption (involving the rendering of the original data as unreadable and which cannot be rendered readable without an encryption key)

♒ Tokenization (involving the substitution of sensitive data elements with a non-sensitive elements, that hold no extrinsic or exploitable meaning or value)

♒ Blurring (involving obfuscation just like media outlets rendering the faces of anonymous sources unrecognizable)

♒ Masking (involving the masking of data where it still permits you to identify the data “example a credit card: XXXX XXXX XXXX 1964” without identifying the individual )

♒ Scrambling (involving a combination or obfuscation of alpha/numeric characters)

question sent in by Vincent.X from Sweden

Q: What is Personal Data?

Personal Data is any information relating to an identified or identifiable natural person (otherwise referred to as a ‘data subject’).

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Here is an extensive list of Personal Data:

✍ Activity on the site
✍ Age
✍ Arrest records
✍ Bank account
✍ Bankruptcies
✍ Bio-metric identifiers
✍ Birth certificate
✍ Browser
✍ Browsing history (elsewhere online)
✍ Car insurance records
✍ Cell/Mobile phone
✍ Chat history (elsewhere online)
✍ Children’s names
✍ City of birth
✍ Cloud storage files
✍ Contacts list
✍ Cookies
✍ Credit card number
✍ Credit report
✍ Criminal offenses & convictions
✍ Current employer
✍ Current home address
✍ Current income
✍ Current location (physical)
✍ Daily life activities
✍ Date of birth
✍ Debit card number
✍ Device ID / MAC address
✍ Digital fingerprint
✍ Donations to organizations
✍ Driver’s license / state ID
✍ Education history
✍ Email records
✍ Employment history
✍ Event attendance
✍ Eye color
✍ Face photographs
✍ Facial geometry
✍ Family health history
✍ Fingerprints
✍ First name
✍ Friends’ names
✍ Gender
✍ Genetic information
✍ Hair color
✍ Handwriting
✍ Health insurance records
✍ Height
✍ Home phone
✍ Home value
✍ Homeowner status
✍ HR issues & disciplinary actions
✍ Income history
✍ Investment records
✍ IP address
✍ ISP (internet service provider)
✍ Judgements
✍ Language preference
✍ Last name
✍ Length of current residence
✍ Liens
✍ Life insurance records
✍ Likes & ratings
✍ Loan records
✍ Location history (physical)
✍ Maiden name
✍ Marital status
✍ Media preferences
✍ Medical card number
✍ Medical records
✍ Messages on the site
✍ Nationality
✍ Number of people in household
✍ Occupation
✍ Operating system
✍ Other financial statements
✍ Other identifying photographs
✍ Other names used
✍ Pardons
✍ Parents’ names
✍ Passport information
✍ Password
✍ Performance evaluations
✍ Personal email address
✍ Pets & animals
✍ Phone call records
✍ Photo location data
✍ Physical or mental disability
✍ PIN number
✍ Political affiliations & opinions
✍ Political party affiliation
✍ Postal activity
✍ Power of attorney
✍ Prescriptions
✍ Previous addresses
✍ Professional license records
✍ Property records
✍ Racial & ethnic origin
✍ Recreational license records
✍ Reference interviews
✍ Religion & philosophical beliefs
✍ Retina scan
✍ Schools attended
✍ Search history (elsewhere)
✍ Search history on the site
✍ Security question & answer
✍ Sexual orientation
✍ Sexual partners
✍ Shopping & purchase history (elsewhere online)
✍ Shopping & purchase history (offline)
✍ Shopping & purchase history (on the site)
✍ Siblings’ names
✍ Signature
✍ Social media accounts
✍ Social media posts & history
✍ Social security / social insurance number
✍ Spouse name
✍ Surveys (online)
✍ Surveys (offline)
✍ Tax file number
✍ Tax returns
✍ Text message history
✍ Third-party login
✍ Topics of interest
✍ Trade union membership
✍ Username
✍ Vehicle registration records
✍ Veteran status
✍ Video footage
✍ Voice recording
✍ Voice signature
✍ Voter registration records
✍ Website
✍ Weight
✍ Work address
✍ Work email address
✍ Work phone
✍ Writing sample (electronic)

list compiled by TIM BOUCHER
question sent in by Fei Hung from China

Q: What is GDPRs global reach?

The impact of GDPR is global.

GDPR is a legal chapter established by the European Union and affects directly any entity worldwide that that applies, handles, processes, and/or monitors personal data of residents (full-time or temporary including foreign tourists) within the European Union, no matter where in the world this activity is conducted from. Simply put, you cannot hide from it or avoid it.

Currently, over 23,000,000 companies worldwide in 191 countries conduct some form of business activity which involves European Union residents. Chances are you’re one of these companies.

Here are the 3 key questions you need to immediately ask yourself:

  1. Do you have a registered mailing address within the European Union for all your GDPR related matters?
  2. Do you have someone with exceptional GDPR knowledge and data protection experience within the European Union to be your first line of contact regarding GDPR related matters?
  3. Have you taken the first basic steps towards GDPR compliance?

If you answered NO to any one of the 3 questions then we can assist you. GDPR Registrar is designed to provide the platform for entities such as yourself to commit to compliance and to be registered & represented within the European Union as required by law.

For further details CLICK HERE.

question sent in by Theresa.C from Dubai

Q: What is biometrics?

Biometrics is the measurement and statistical analysis of people’s unique physical and behavioral characteristics. The technology is mainly used for identification and access control, or for identifying individuals who are under surveillance.

The basic premise of biometric authentication is that every person can be accurately identified by his or her intrinsic physical or behavioral traits.

Biometric identifiers are divided into 2 categories, Behavioral and Physiological.

♀♂Behavioral characteristics are related to the pattern of behavior of a person, including but not limited to typing rhythm, gait, and voice, otherwise referred to as behaviometrics.

♀♂Physiological characteristics are related to the shape of the body, including but not limited to fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odor and/or scent.

Examples of biometrics include token-based identification systems, such as a driver’s license or passport, and knowledge-based identification systems, such as a password or personal identification number.

Since biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods; however, the collection of biometric identifiers raises privacy concerns about the ultimate use of this information.

question sent in by Marylin.S from Canada

Q: What information can’t I ask for?

You don’t have the right to make a request and gain access to the information of a 3rd party individual, unless you have been properly appointed as the authorized representative of the original individual seeking access to their information.

The entity receiving your request requires:

  1. sufficient evidence on your behalf to verify the identity of the data subject making such a request and
  2. sufficient details on your behalf so it can locate your request.

If the responsible person refuses your Data Subject Access Request on behalf of the entity, they must clearly set out in writing the reasons for the rejection.

If you are not satisfied with the outcome of your request, then you have the right to ask the entity for the details to their independent DPO (Data Protection Officer) to review your case.

question sent in by Frank.A from UK

Q: What if we cannot afford the costs to comply?

One thing people forget, and we wish to make this very clear, especially for small to medium size businesses. GDPR is not designed to put you out of business!!! 

GDPR requires you to DEMONSTRATE that you are committed in working towards being compliant.

Don’t act from a position of fear, that’s the biggest and most costly mistake you’ll make.

Do yourself a favor:

  1. Take a step back.
  2. Take a deep breath.
  3. Take a structured approach towards compliance.

When you register for free with us, we’ll give you your free step-by-step plan of action. CLICK HERE TO REGISTER FOR FREE .

We’re not going to lie to you, once you have gone through the plan, you will most likely become a registered member with us and/or with another quality organization for reasons that will become clear to you.

question sent in by Mario.D from Italy

Q: What does GDPR mean for social media strategies?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: What does GDPR and privacy laws mean for property marketers?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: What do you need to do if you own or manage property?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: What do you do with my information?

We use your information in fulfilling our obligations to you as a member and as permitted to us via GDPR Article 6 “Lawfulness of Processing”, where the processing shall be lawful only if and to the extent that at least one of the following applies:

✍ the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

✍ processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

✍ processing is necessary for compliance with a legal obligation to which the controller is subject;

✍ processing is necessary in order to protect the vital interests of the data subject or of another natural person;

✍ processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

✍ processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. (shall not apply to processing carried out by public authorities in the performance of their tasks.)

We don’t abuse, take unlawful advantage or compromise your trust when you provide your information to us, and as such:

☑ We don’t share your information with 3rd parties, unless it is required to complete your request. (One example is when you file a complaint against a third party via our platform, we may be required to share your information with relevant 3rd parties to address your DSAR complaint.)

☑ We don’t sell your information to 3rd parties, period!

☑ We don’t ask or gather irrelevant information from you just for the hell of it.

☑ We don’t hold onto your credit-card information and will never ask for your credit card details. (All payments made by you to us will be via Paypal or Stripe gateways or Direct Bank Transfer.)

☑ We don’t make deliberate errors, therefore if you find something on our site not to be right, feel free to tell us and we’ll address it.

☑ We don’t proclaim to be perfect, though perfection is something we continually strive for.

☑ We don’t display your personal name on our site publicly unless you have given us explicit consent.

☑ We don’t share your details with co-workers within our organization unless they have a legitimate interest within their role.

☑ We don’t store your information on physical servers outside of the European Union.

☑ We don’t spam!

☑ We don’t work with entities that do not comply to GDPR Regulations.

question sent in by Elizabeth.B from UK

Q: What do we need to understand about GDPR?

As someone that handles personal data of residents (full-time or temporary including foreign tourists) within the European Union, you need to:

☑ Fully understand on how you use your data.

☑ Make certain that you’re incorporating GDPR into your data management.

☑ Conduct a thorough evaluation of your current & future data requirements.

☑ Assess the capabilities in managing such data.

☑ Be prepared to execute major changes in how you manage your data.

question sent in by David.M from Hong Kong

Q: What do I need to keep in mind about GDPR?

The top 12 key factors to keep in mind about GDPR protocols regrading European Union Residents (EURs) (full-time or temporary including foreign tourists) within the European Union, no matter where in the world this activity is conducted from include:

☑ Handling data on EURs.

☑ Offering goods and/or services to EURs.

☑ Monitoring and/or tracking the activities of EURs.

☑ Conducting any form of business or commercial activities with EURs.

☑ How serious you are about doing the right thing with EURs data.

☑ How you store EURs data.

☑ How you process EURs data.

☑ How you access EURs data.

☑ How you transfer EURs data.

☑ How you disclose EURs data.

☑ How you interact with EURs data.

☑ How you react to an infringement on EURs data.

question sent in by Patricia.Z from Hong Kong

Q: What are the principles of GDPR based on?

The principles are based on entities being responsible in considering what accountability they may or may not need to comply with. This is strictly based on the unique and specific circumstances of their activities and how they utilize the data they receive.

Each entities principles of compliance will differ according to interpretation and circumstances. The core principle is being able to demonstrate that you are committed to GDPR Compliance and are being proactive in achieving this target, whilst being able to demonstrate it when required.

Taking this approach will direct you in the right direction towards compliance.

 question sent in by Frances.R from USA

Q: What are cookies?

Cookies are small pieces of data stored on a user’s device which allow websites to perform specified actions or preferences.

Cookies are divided 5 categories:

☀ Targeted Cookies: Used to deliver multiple types of targeted digital ads. They store your user data and behavioral information, allowing advertising services to target you within specified audience groups according to variables including but not limited to: ✍age ✍gender ✍location ✍personal interests ✍website habits ✍search engine habits ✍social media habits, just to name a few.

☀ Necessary Cookies: Used by a website to deliver you the information and services they offer in a secure and optimized manner. In most cases, you must accept these “necessary cookies” to be able to make use of their online systems.

☀ Functional Cookies: They are essential for a website to work, for example: ✍making sure that you don’t have to keep logging into the website each time you visit a different page ✍keeping track of your shopping cart on the website ✍making sure the online live support maintains contact with you, especially when navigating the site.

☀ Performance Cookies: Used for internal purposes to help the website in providing you with a better user experience. The cookies help the operators of the website to better understand how it’s used by visitors, shoppers and members. From this information they can improve the way the site works and deliver better content to you. One example is when they use an external company such as Google to perform such an analysis via their services. In this instance, they may set third party cookies to enable this to function correctly.

☀ Undefined Cookies: This is something of a hit and miss scenario as undefined cookies can come from a number of factors including your personal settings on your device.

You can always run a check as to what cookies a website uses via online tools such as COOKIE METRIX or COOKIEBOT

question sent in by Mandy.Y from Cyprus

Q: My business collects personal information through electronic platfoms such as text messages. Do I need to comply with privacy laws such as GDPR

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Is photography subject to GDPR regulations?

Yes, photography is subject to the GDPR regulations.

You’ll need to have a privacy policy in place and you’ll need to make sure it’s in line with GDPR.

Make sure you have the privacy policy linked to your online pages, including website/s and social pages.

question sent in by Joshua.H from Germany

Q: Is GDPR just a fad?

Once upon a time there were only 2 things certain in life & now there are 3.

The sooner you come to grips with GDPR, the better of you’ll be in the long run.

  1. Define your policies for GDPR compliance
  2. Define your processes for GDPR compliance.
  3. Define your stakeholders for GDPR compliance.
  4. Discover what data you need to protect and manage.
  5. Control the access to your data.
  6. Centralize your data across your organization.

Following these six steps will place you in good standing with GDPR protocols, setting your path towards a bright future with your audience.

Forget bitcoin, trust is the new currency of the future!

question sent in by Beth.V from UK

Q: If my EU representative is based in the UK will I be compliant after Brexit or do I need to nominate a representative outside the UK

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: If I’m just a social network user do I need to comply with privacy laws and what are the consequences if I don’t?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: If I have an Instagram account do I need to comply with data protection privacy laws

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: If I have a facebook business page do I need to be GDPR compliant?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: I’m just a sole trader who employs contractors from time to time. Do I need to comply with privacy regulations such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: I’m a trades person and often take before and after shots of the work I do. Do I need to comply with privacy laws such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: I’m a marketer who advertises products and services and receives enquiries. Do I need to comply with privacy laws such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: I’m a consumer, how do I know that my personal information is protected?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: I’m a business that wants to comply and implement data privacy and protection best practice and I don’t know how to do it. Who will help me do this

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: I’m a business that buys and sells products and services on Ebay. Do I need to comply with privacy laws such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: I’m a business in Australia that orders parts and services from Europe. Do I need to comply with privacy laws such as the GDPR ?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: I have a You tube account, Im a you tube user, post videos, music and other information. Do I need to comply with Privacy Regulations such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: I have a data base of past customers and enquiries. Can I keep this data base on file?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: How will GDPR and other Privacy laws affect Property managers and Agents?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: How long can someone hold onto my data for?

When it’s for contractual reasons, for example you purchased a product, service, made a donation and actions of similar nature, it generally ranges about 6-7 years.

It’s always good to reach out to the entity to clarify this for you. You’ll find that the majority of companies will be more than happy to answer your question. Keep in mind that they have 30 days to respond to you.

If they don’t, then you can file an official complaint via our online form FILE A COMPLAINT. This service is also part of our free membership.

Here is a great infograph from Erik Underwood c/o TechRepublic, with interesting insights into why your data is being collected.

question sent in by Anna.A from Spain

Q: How does someone get fined outside of the EU?

Article 27 of the GDPR is the first line of defense. It requires companies without operations in the EU to appoint an EU representative. If that doesn’t happen, non-EU companies will be perused via local enforcement actions within their country via mutual legal assistance treaties (MLAT), and private prosecutions under similar local laws.

 question sent in by Claire.M from Taiwan

Q: How does GDPR affect social media advertising

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: How do I process and file personal information that I receive over Text messages in order to be compliant with privacy laws such as the GDPR

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Does SMS marketing need to comply with privacy laws such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Does my Australian business need to be GDPR compliant?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Do non EU entities have to comply to GDPR?

Yes, Non EU Entities have to comply the moment they apply, handle, process, and/or monitor personal data of residents (full-time or temporary including foreign tourists) within the European Union.

Furthermore, it matters not whether you hold onto the data for 1 minute or 10 years.

 question sent in by John.K from Taiwan

Q: Do I need to train my staff?

The logical answer is yes you do, as they are your controllers and processors of the information you receive. Furthermore it matters not whether you are a small family business or a large organization,

The purpose of a certification is to develop a code-of-conduct for your staff to follow, which in return helps them understand the requirements and actions needed in being compliant.

Richard Branson said it best:  “Customers come second, employees first. It’s a philosophy that brings unexpected benefits to both the company and its clients.”

 question sent in by Konstantinos.M from Greece

Q: Do I have rights under the privacy act when I use social networking sites?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Do all organization now need to appoint a Data Protection Officer in order to comply with Privacy laws such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Can I keep my customers details on file once our transaction has completed?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Can I get insurance against Data breaches?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Can I cancel my membership at any time

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Can a Controller or Processor be fined?

The short answer is yes.

In saying that, a monetary fine is only one of the corrective measures included in the GDPR to apply pressure on controllers and processors to comply with the regulation.

Not all violations will result in a monetary fines, and not all fines will be based on the maximum amount, though rest assured it won’t be pocket change either.

A monetary fine is the last step in a long process designed to address the scope of an infringement by a Controller and/or Processor, concurrently assessing on how the organization allowed the infringement to happen in the first place and to monitor what steps have been taken to address the violation and any further violations.

 question sent in by Victoria.F from Germany

Q: As an employee or contractor what rights do I have under privacy laws such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: As a career working in the aged care, disability and child support sector. Do I need to comply with privacy laws such as the GDPR?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Q: Are Photographs, videos & audio considered personal data

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

GDPA VIDEO CONFERENCING

OVERVIEW

For us at GDPA, providing you a conference platform you can rely on is the most important thing. That means, amongst other things, we are very mindful of the security and privacy aspects that affect our users.

Security and privacy are very broad topics so we are going to try and go through some practical use cases to demonstrate what’s at play.

Fully secure you say… What does this mean exactly?

In many respects meetings are simply private by design.

To begin with, all meeting rooms are ephemeral: they only exist while the meeting is actually taking place.

They get created when the first participant joins and they are destroyed when the last one leaves. If someone joins the same room again, a brand new meeting is created with the same name and there is no connection to any previous meeting that might have been held with the same name.

This is all very important. Some of the systems that let people “pre-create” rooms, have subtle indications that let a potential attacker distinguish reserved from unreserved meetings which then makes the reserved meetings easier to identify and target.

That said, since a name is all that one needs to actually access a room, we have to be really careful about how we choose them. We don’t want others accidentally stumbling into your meetings, just as we want to keep pranksters and snoopers away. Therefore you simply create a unique name for your conference or use our random code generator below. Once created, it’s what you will share with the people you want to participate.

If you start a meeting with the name “Test”, “Demo” or “Family” for example, chances of having some random uninvited people joining are very, very high. How does one pick a good room name then? Our random meeting name generator below is a great start. It offers names that are easy to remember and read out loud on a phone call, and come from a set of over a trillion possible combinations. Picking out one of the auto-generated names is therefore quite safe.

COPY & SHARE YOUR UNIQUE CONFERENCE CODE
https://meet.jit.si/

If entering via Web Browser then share/use the full link: https://meet.jit.si/#########

If entering via GDPA Video Conferencing then share/use the 9 digits: #########