EzyStayz & The EU’s General Data Protection Regulation GDPR

On the 25th May this year, the General Data Protection Act (GDPR) came into force across the European Union, helping give citizens and residents back control over their personal data. Australian businesses that have an establishment in the EU or offer goods and services in the EU need to comply with the new regulations, with the aim of fostering transparent information handling practices.

So what exactly is the General Data Protection Act and how will it affect you?

1


What Is The GDPR?

The General Data Protection Act (GDPR) is an EU law on data protection and privacy, which addresses the export of personal data outside of the EU. Enforceable from 25 May 2018, it replaces the 1995 Data Protection Directive and is the most significant piece of European data protection legislation to be introduced in the European Union in 20 years.

The GDPR regulates the processing, collection, storage, transfer and use of personal data and is designed to give citizens and residents back control over their personal data. Under the GDPR, the concept of “personal data” covers any information relating to an identified or identifiable individual (a “data subject”) and places enhanced obligations on organisations in the way they handle and store the personal data they collect.

2


GDPR Principles

The General Data Protection Act (GDPR) sets out a number of principles to help businesses govern the use of personal information and are basically a code of good practice for the processing of personal data.

1. Businesses must be transparent about how they are using personal data and it must be processed in accordance with the laws outlined in the GDPR.

2. Personal data can only be obtained for “specified, explicit and legitimate purposes” and cannot be used without the consent of the subject.

3. Data collected should be “limited to what is necessary in relation to the purposes for which they are processed”, ensuring a minimum amount of data is collected for processing.

4. Data must be “accurate and where necessary kept up to date” while being “kept in a form which permits identification of data subjects for no longer than necessary”.

5. Processors must handle data in a manner that ensures the “appropriate security of the personal data, including protection against unlawful processing or accidental loss, destruction or damage”.

3


EzyStayz And The GDPR

EzyStayz is fully committed to complying with the General Data Protection Regulation (GDPR) both prior to and after the regulation’s effective date. Both hosts and travellers that use the EzyStayz platform have a right to privacy in compliance with international laws and regulations.