General Data Protection Regulation (GDPR)

In Europe, the handling of personal documents in the workplace / websites that user login is primarily governed by the General Data Protection Regulation (GDPR). This regulation ensures that personal data is processed lawfully, fairly, and transparently. Here are some key points:

Any User of Húsfreyja

• Lawful Basis for Processing: Users must have a lawful basis for processing personal data, such as consent, performance of a contract, legal obligation, vital interests, public task, or legitimate interests.
• Data Minimization: Only data that is necessary for the specific purpose should be collected and processed.
• Transparency and Information: Húsfreyja must be informed about how their data is being used, including the purpose of processing, data retention periods, and who the data will be shared with.
• Data Subject Rights: Any User of Húsfreyja have rights under the GDPR, including the right to access their data, correct inaccuracies, erase data, restrict processing, and object to processing.
• Security Measures: Users must implement appropriate technical and organizational measures to ensure the security of personal data.
• Data Breach Notification: In the event of a data breach, Users must notify the relevant supervisory authority within 72 hours and inform affected individuals if there is a high risk to their rights and freedoms.
• Data Protection Officer (DPO): Organizations that process large amounts of personal data or sensitive data may be required to appoint a Data Protection Officer.

For more detailed information, you can refer to the European Commission's website.

Back