

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. Designed to strengthen data protection and privacy for individuals within the European Union, it will have an impact on all organisations that collect data. To make sure you are fully informed about GDPR, here is a list of 15 things every organisation needs to know.


GDPR gives EU citizens new rights

Under the GDPR, all EU citizens will have the following rights:


1. The right of access


GDPR gives EU citizens the right to know the details of any personal data you hold about them and how that data is processed and used. As an organisation, you are obliged to provide this information on request.


2. The right to be forgotten


People also have the right to be forgotten. This means that if a person requests it, you will be required to cease the processing of any data you hold about them and delete it.


3. The right to data portability


If you hold data about anyone, they can now ask for that data to be passed to another organisation. This can make things like passing a ‘no claims’ history from one insurer to another much easier. However, it also means that customers can use the records you hold about them to get better deals from your competitors.


4. The right to be informed about data breaches


Some organisations have kept serious data breaches secret for months in order to protect themselves from bad publicity and other unwanted consequences. Now, you are legally required to inform customers within 72 hours. You must also inform any supervisory bodies.


5. The right to data correction


Under GDPR, any data you hold about an individual must be accurate. If it isn’t, they have the right to demand that it is corrected.


Range of data to be protected

Here is the range of data which you will be required to protect under GDPR.


6. Identifying data


Any information that can be used to identify an individual comes under the protection of GDPR. This includes information such as their name, address or National Insurance number, as well as things like CCTV footage, car registration numbers and RFID chip data.


7. Web data


GDPR also requires the safeguarding of web data. This includes details of an individual’s location, their IP addresses and any cookie data.


8. Demographic information


If you collect any information that classifies individuals, this too comes under the protection of the new regulation. This includes data about gender, race, ethnicity, disability and sexual orientation.


9. Health, genetic and biometric data

Health, genetic and biometric data has become problematic over the last few years. Insurance companies, for example, can use this information as a basis for setting the costs of health insurance. And as biometric data is increasingly used for authentication, keeping it secure is absolutely crucial. For this reason, it, too, is included in the data protected by GDPR.


10. Political affiliations


While many people aren’t too secretive about who they vote for or which political party they support, plenty of others are. If you hold data about political affiliations, whether that is their membership of a particular party or just a political opinion gathered on a survey, it needs protection under the GDPR.


Greater security demands on business

GDPR also brings in tougher data protection regulations for all organisations that collect and process personal data.


11. Data protection by design


From May, organisations will be required to implement reasonable data protection measures to protect EU citizens’ personal data and privacy by design. ‘By design’ means that end-to-end measures need to be planned and put in place so that everything from the collection of data all the way to its safe deletion is taken into account. Part of this includes the requirement for organisations to undertake a data protection impact assessment in order to identify risks to data and outline measures to ensure those risks are addressed.


12. Creating a Data Protection Officer role


Any organisation that processes or stores sensitive data, significant amounts of personal data, or regularly monitors data subjects must create a Data Protection Officer (DPO) role within their organisation. This individual will have responsibility for overseeing data protection, privacy and GDPR compliance. All public authorities (police forces, local councils, government organisations, etc.) must also have a DPO.


13. GDPR extends beyond the EU


GDPR is designed to protect the data and privacy of EU citizens. This means any organisation that holds data on EU citizens is required to comply with the regulation, whether based in the EU or not. This will have an impact on companies like Google, eBay and Amazon that collect web data from users in the EU. It will also affect many smaller international companies that trade in the EU, for example, app-based companies, game providers and online retailers.


14. GDPR will continue after Brexit


The UK has always played a leading role in protecting data. The UK’s Data Protection Act was passed in 1984, 11 years before the EU got around to issuing its Data Protection Directive in 1995. The UK government is committed to ensuring that the rights and responsibilities enshrined in GDPR are maintained after we leave the EU.


15. Big fines for non-compliance


The size of the fines which can be given to organisations that do not comply with GDPR is an indication of how determined the EU is to tackle issues with data protection and data privacy. From May, the maximum fine will be €20 million or 4% of an organisation’s annual global turnover, whichever is higher. This can be levied for failing to adhere to core principles of data processing, infringement of personal rights, or for transferring personal data to other countries or organisations that do not ensure an adequate level of data protection.


The issue of transferring data to countries or organisations with less adequate data protection should be a major concern for any company that has a website. If your web host has data centres outside of the EU, it is possible that the information you collect could be stored on less secure servers without your knowledge – and this could mean you are unwittingly breaching GDPR compliance. The same applies if your web host does not provide adequate security even if it is within the EU.


How eUKhost looks after your data

Firstly, all eUKhost data centres are based in the UK. None of the information you collect and process is stored or backed up abroad.


In addition, eUKhost has been preparing for GDPR since it was announced in 2015. That has given us plenty of time to put in place everything needed to protect the data we hold about you and help you protect the data you hold about others.


We use verified email addresses and unique security PINs to authenticate your identity; we require direct consent before making changes to your account; we use SSL encryption to secure personal identification; and, of course, we never share your information with third parties unless we’re legally obliged to.


At eUKhost, all our database engineers are fully trained to maintain and secure data in compliance with the most stringent industry regulations. Private data is secured using ModSecurity rules and fool-proof physical, electronic and managerial procedures, and we back up shared servers to avoid data loss in case of disasters.


If you are looking for highly secure hosting from a GDPR compliant web host, visit our homepage to see the wide range of hosting solutions we provide.



