The General Data Protection Regulation (GDPR) is a privacy and data protection regulation in the European Union (EU) that took effect in May 2018. The GDPR imposes obligations on organisations that control or process relevant personal data in order to safeguard rights to privacy.
The GDPR applies to any personally identifiable information (PII) in the widest sense of the word. Not just data such as name, address, birth date, social security numbers and banking information, but also referenced information linked to an individual such as photographs, social media posts, preferences and location. Although GDPR is limited to the EU, World Research Alliance – deemed the Data Controller – adopts the same principles world-wide.
- We do not collect sensitive personal data, unless for a specific, explicit and legitimate purpose and with the consent of the data subject. We do not keep this data for longer than the purpose requires.
- We diligently protect sensitive personal data with a strict security protocol on how we store, share and process it in a lawful and transparent manner.
- We do not tamper with data we collect through designs that deliver the optimum quality possible. We inform individuals who share their personal data about the type of information we have on file and as far is practical enable them to review and delete their personally identifiable data.