GDPR Compliance Information for GoHighLevel

The General Data Protection Regulation (GDPR) is a data privacy and security law introduced by the EU which became effective on May 25, 2018. It is currently the most stringent privacy and security law globally. If an organization targets or collects data related to individuals in the EU, regardless of whether it is located in the EU or not, it is obligated to comply with this law.

The aim of this summary is to give you a basic comprehension of GDPR and its potential relevance to your business or organization.

Scope of the law: Even if your organization is not located in the EU, the GDPR applies to you if you handle the personal information of EU citizens or residents, or if you provide goods or services to individuals in the EU.

Privacy Rights of the People: The GDPR offers privacy rights to individuals, known as “data subjects,” when they use the internet. There are 8 specific rights granted under this law:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

Key definitions: Although GDPR has many legal definitions, here are some of the key ones that you should know for easy reference.

  • Personal data — Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data.
  • Data processing — Any action performed on data, whether automated or manual. The examples cited in the text include collecting, recording, organizing, structuring, storing, using, erasing… so basically anything.
  • Data subject — The person whose data is processed. These are your customers or site visitors.
  • Data controller — The person who decides why and how personal data will be processed. If you’re an owner or employee in your organization who handles data, this is you.
  • Data processor — A third party that processes personal data on behalf of a data controller. The GDPR has special rules for these individuals and organizations. They could include cloud servers like Tresorit or email service providers like ProtonMail.

NOTE: Definitions taken directly from https://gdpr.eu/

Data Protection Principles: If you or your business handles data, it is mandatory to comply with the seven principles of protection and accountability. These principles are listed below and are also outlined in Article 5.1-2 of the full GDPR law.

  1. Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the data subject.
  2. Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
  3. Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.
  4. Accuracy — You must keep personal data accurate and up to date.
  5. Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
  6. Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
  7. Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

NOTE: Definitions taken directly from https://gdpr.eu/

Complying with GDPR is crucial for any business. Understanding the privacy rights of data subjects and the data protection principles can help you ensure your business is compliant. The key definitions provided in this article can give you a general understanding of who and what is covered under GDPR. It is important to note that this is not legal advice and the article only serves as a brief overview of key points. We recommend consulting with legal and business support teams for GDPR compliance. For more information, visit https://gdpr.eu/.


Ryan OConnor
Copyright Growthable 2023 | All Rights Reserved
