April 5, 2018
C/o Kinesio Instructors and Practitioners
Re: General Data Protection Regulation (GDPR)
Dear Instructors and Practitioners:
As many of you already know, the new European Union General Data Protection Regulation (GDPR) will become applicable to individuals and companies operating in the European Union on May 25, 2018. The GDPR supersedes Directive 95/46/EC of the European Parliament. It governs the “processing” of “personal data.”
“Personal data” is broadly defined to include any information relating to an identified or identifiable natural person, and includes names, identification numbers and location data (such as physical and e-mail addresses).
“Processing” is also broadly defined and means essentially anything that is done with personal data, including simply collecting, storing and deleting this data.
In order to process any personal data, the data subject must give informed consent to the processing of any personal data from them. This consent must be freely given, be specific as to what uses the data is used for, be unambiguous and be reflected by either a statement or clear affirmative action. The consent needs to address how the data will be used and the consent to use the data will only extend to identified uses. For personal data that you obtain from seminar attendees that you will furnish to Kinesio, you need to obtain consent from the attendees in order to do so.
Those collecting personal data are required to ensure the security of the data, including protection against unauthorized or unlawful access, accidental loss, destruction or damage. This includes adopting appropriate software security measures for data stored on computers and networks.
Failure to comply with the requirements could subject the collecting person or company to significant financial penalties. We recommend you consult with your professional advisors to more fully understand the extent of the GDPR and all of its applicable requirements to you and to ensure you are in compliance with the GDPR, including drafting appropriate consents of obtain personal data from seminar attendees and share such information with Kinesio. As an accommodation to you, within the next week, we will provide you with a recommended form of consent that you can use in connection with acquiring personal data from the seminar attendees that permits the sharing of that data with Kinesio.
Kinesio has taken measures to ensure that it will be in compliance with the requirements by the effective date in May. To the extent that you collect personal data from EU persons and have consent to share the information with Kinesio, we will have appropriate safeguards in place to protect such data. We request that you do not send personal data to us for which you do not have permission to send to us. To have the appropriate permission to send personal data to us from any seminar attendee, the attendee needs to have signed the form of consent we will provide to you or another form of consent that you have obtained from your legal counsel.
Thank you for your cooperation with these new regulations.
