GDPR is a new European law coming into effect May 25, 2018, protecting the rights and freedoms of EU individuals with respect to their personal data.
DOES IT APPLY TO MY RESTAURANT?
If your restaurant is established in the EU/UK, yes it does. If your restaurant is not established in the EU/UK, then it only applies with respect to diners and prospective diners who are residents of the EU/UK.
WHAT DATA DOES IT COVER?
Personal data of EU individuals. Personal data is data that can be linked to an identified or identifiable person. It includes direct identifiers (e.g., name and email) and indirect identifiers if they can be used to identify a person (e.g., IP address and online identifiers).
WHAT TYPES OF PROCESSING DOES IT COVER?
All types, whether or not automated, such as the access, collection, storage, retrieval, use, disclosure or erasure of personal data.
DOES IT COVER CITIZENS OF THE UNITED KINDGOM?
Yes, the UK will still be a part of the EU when GDPR comes into effect and the UK government has stated that it will comply with the GDPR and that such compliance will not be affected by Brexit.
**DOES GDPR REQUIRE CONSENT TO PROCESS PERSONAL DATA, INDUCING EMAIL? **
No, consent is only one of the legal bases for processing data. For example, data can also be processed: - To fulfill a contract with that person - Sometimes for “legitimate interests,” such as for marketing and commercial objectives (these legitimate interests must, however, outweigh detriment to the privacy of that person) - When there is a legal obligation to do so