GDPR is here… but what does it mean for you?
GDPR, the General Data Protection Regulation, is a new EU data protection law that comes into effect on May 25, 2018, and we are sure you have seen and heard much about it. But what is it, and what does it mean for you as an individual and for companies as a whole?
Headquartered in Europe, Sociabble understands privacy on a level that predates even GDPR. Privacy and data protection have always been at the forefront of our design, implementation, and general values. They are built not only into European culture but into Sociabble's culture, which is why we want to ensure that all users, individuals, and organizations have a complete understanding of GDPR: what it is, what it means, and why it is important.
Here is your definitive guide to what GDPR is and what it means for you.
What is GDPR?
GDPR is a set of regulations designed to replace the Data Protection Directive 95/46/EC. Its main goal is to safeguard European Union citizens' data, protect their privacy rights, and harmonize data privacy laws across Europe. The new regulations will reshape the way organizations approach data privacy for EU citizens worldwide.
What does GDPR cover?
Any information relating to an identified or identifiable individual, including data that may be processed by a service provider. Examples include:
- Medical Records
- Legal Records
- Political or Religious Views
- ID information
- Email Address
- Home Address
- Phone Numbers
GDPR applies whenever an organization processes personal data, whether within or outside the EU, when an EU resident is concerned. In short, any time any information from an EU resident is collected or used, the regulation must be considered.
How Does GDPR Work?
How can you possibly regulate all that data across the globe? It’s far from simple, but the new guidelines have you covered.
GDPR has a number of built-in safeguards. For instance, organizations share accountability with processors and sub-processors alike, placing equal liability on both data owners and processors (organizations that help store and manage data). What does that mean for you as a company? If the third-party processor your organization uses is not in compliance, then under the new regulation you are not in compliance either. GDPR also has rules for reporting breaches, to make sure everyone concerned is notified and kept up to date about their data and privacy.
Existing contracts with processors and organizations are required to clearly outline any and all responsibilities. They must stipulate how the data is managed, processed, and stored, as well as how breaches will be handled and reported.
This applies even if the processor is located outside the EU. Any processor that handles the data of an EU resident must also comply with all GDPR regulations. If an organization were to breach GDPR regulations, it could potentially be hit with sanctions of up to 4% of sales revenue, amongst other consequences.
Why is GDPR important?
GDPR defines the responsibilities and scope of an organization for data processing, as well as the protection of personal and potentially sensitive information. It aims to provide a new layer of accountability.
To do this, the definition of 'personal data' has been expanded. Under GDPR it will include multiple online identifiers, for example a mobile device identifier or your IP address. On top of this broadened definition, technical measures for the protection of personal data will also be mandatory. Examples of measures that are expected include:
- encryption of personal data
- ensuring confidentiality
- the ability to prove that security measures are 100% effective
- ensuring integrity
- data availability (for user request)
On top of these regulations, organizations will also need the explicit consent of individuals to process any of their data. In order to give this consent, the individual must have a full understanding of what can and will be done with their data. This means that organizations will no longer be able to rely on long, complex, and difficult-to-understand terms and conditions.
GDPR and Employee Advocacy
Employee advocacy has become a "must-have" across the board, and with the new GDPR regulations, having an aligned and structured employee advocacy program allows you to reach your audience authentically. Under the new GDPR guidelines, organizations can only contact prospects who have chosen to "opt in" to company contact. However, employees who reach out using their personal social networks are not covered by this restriction. Employees can share company content on their social media networks while staying within GDPR guidelines.
On the other side, when it comes to employee sharing, GDPR and employee advocacy, security must be paramount. Employee advocacy asks employees and collaborators to share company and industry content across their social media networks. This involves users on a personal level. The data that is collected through the use of an employee advocacy platform or initiative is personal, private data.
Luckily GDPR has improved upon individual data rights by giving users complete control over their personal and private information.
How does GDPR provide users with more control over their information?
Users must be fully informed and give consent before any and all data is collected. Additionally, users have the ability to view, edit, and erase their personal data. As an extra layer of reassurance, users will also receive a notification in the event of a privacy breach, ensuring they stay informed and understand how their data is being used.
Individuals will also be given more rights for the processing of their data. This includes allowing for “the right to be forgotten” which means that individuals can request that their data be erased or removed from the system.
In short, GDPR helps to hand over the control of personal data to the user, ensuring their rights, privacy, and wishes are respected and provides greater measures for ensuring the protection of private data.
Sociabble and GDPR
In order to comply with these new terms and give our users the utmost confidence and peace of mind, Sociabble has put in place numerous safeguards for the handling and processing of your data. These include, but are not limited to:
– Regulated encryption of any and all data
– Regulated protection of endpoint computers that handle critical information, including centralized malware protection and encryption of critical employees' computers
– Employees have received, and will continue to receive, security and protective training
– Privacy reviews have been, and are still, included in all our projects
– Privacy impact assessments are conducted regularly with the help of legal professionals
– Updates to our incident management process have been made, including the notification of a privacy breach to impacted users and authorities
– We have appointed a Data Protection Officer to ensure not only compliance but also top-level security
– We have taken a complete inventory of PII and data processing
– We have reviewed all data processing and sub-processors for compliance
Going Beyond GDPR
Beyond strict GDPR compliance, we are giving our clients an API that allows them to execute personal data deletion or removal remotely, giving them centralized and automated management of their GDPR obligations.
At Sociabble, we firmly believe that data privacy and security are aligned. You cannot address data privacy if you have not addressed security. From the start, Sociabble has tested and continually improved its security. Top-of-the-line security, such as ISO 27001, was one of our earliest investments and will remain one of our top priorities.
From intrusion tests with larger clients such as Microsoft to continual updates and safeguards, we are committed to providing safe, secure, and trustworthy data protection and security. That's why we are committed to GDPR compliance and to a global understanding of GDPR as a whole.
You can find the complete GDPR text here.