Regardless of what type of business you are or where in the world that business is located, you’ve likely heard about the EU GDPR (General Data Protection Regulation) – the European Union’s new data privacy law.
Jackrabbit is focused on making sure we are ready for the EU GDPR. We also want to help you understand what the new law means for you, our clients.
Do you know what the EU GDPR is?
The GDPR is an EU privacy law that will take effect on May 25, 2018. It will regulate the treatment and use of personal data belonging to EU citizens.
At a basic level, the EU GDPR is intended to give more control to EU citizens over their personal data. Among other things, it regulates how people and organizations can obtain, use, store and eliminate personal data of EU citizens. The ideas in the GDPR actually aren’t so new. Many of the concepts in the GDPR were introduced over 20 years ago when the EU adopted the Data Protection Directive in the mid-1990s.
The GDPR seems to represent a real sea change, giving people strong agency in how their personal data is collected and used. Unlike the Directive from the mid-90s, the GDPR:
- Is much more specific about what is okay and not okay.
- Introduces a broader definition of personal data.
- Sets forth such stringent requirements that companies are required to make real operational changes.
- Is completely uniform across the EU, leaving a lot less wiggle room for interpretation.
- Enforces penalties that are really, really steep; it’s clear that the EU wants to ensure real change.
The EU GDPR is obviously going to have an impact on businesses all around the world.
Will the EU GDPR apply to you?
EU-based businesses, as well as anyone processing the personal data of EU citizens, are likely to be impacted by the GDPR, and this new law should be on your radar. And by “processing” we mean if you ever do any or all of the following to personal data from customers or contacts in the EU:
What does the EU GDPR require?
Because it’s new, it’s really hard to say exactly how the EU GDPR’s requirements will impact each business’ operations.
Some of the key concepts are:
- Being really clear about what constitutes personal data.
- Being really clear about ensuring that personal data is used only with a user’s explicit consent or some other lawful basis for processing it.
- Keeping data secure.
- Giving EU citizens a set of rights with respect to their personal data, including things like the right to:
  - See what data a company has collected about them.
  - Control how that data is shared with other companies.
  - Have all of their data deleted.
What is considered “personal data?”
Personal data, according to the GDPR, is any information relating to an identified or identifiable individual, which could mean any information that could be used either on its own or in conjunction with other data, to identify an individual.
Sensitive personal data, such as social security numbers, passwords, health information, or information that suggests a person’s racial or ethnic origin will require even greater protection under the GDPR.
How does the EU GDPR benefit your business?
Getting ready for the GDPR requires some effort. But that effort can benefit you and your business.
- It will help to create a more trusting relationship between you and your customers. Knowing exactly what kind of experience your customers want from you helps you meet—and exceed—their expectations.
- The GDPR empowers your customers to understand exactly what data is being collected and how it will be used.
Check out this infographic for an easy-to-understand and easy-to-remember approach to ensuring your compliance with the GDPR.
How can you prepare?
There isn’t a checklist or certification process by which you can be assured that you are in compliance with the GDPR. What is clear is that complying can mean different things for different types of businesses.
The common denominator is that each company that wants to serve EU citizens will need to do its best to be compliant and to remain vigilant about the evolution of the EU GDPR.
Where does Jackrabbit fit into your GDPR equation?
Jackrabbit Helps You Honor Customers’ Requests Around Their Own Personal Data
Under the GDPR, EU citizens have certain rights with respect to their own data. When you think of Jackrabbit Technologies’ role in helping you honor your customers’ rights, think about how a safe deposit box works.
When you choose, with consent or some other lawful basis, to record or pass into Jackrabbit personal data about your customers, that data goes into your Jackrabbit account.
In the same way that a bank doesn’t access the contents of your safe deposit box, Jackrabbit doesn’t access the data in your Jackrabbit account. Please remember that you work directly with your customers to honor their requests about the data you have captured and stored about them – whether it is in Jackrabbit or not. Jackrabbit will help by providing ways for you to easily access, change, remove and delete that data at your customers’ requests.
Because Jackrabbit is a processor, you may need to obtain consent from your identified customers for the way that you plan to use Jackrabbit to process their data. If so, we suggest you be as clear as possible about how you use Jackrabbit and why your customers might want to grant you consent to identify them for those purposes.
Can you be confident of data storage in Jackrabbit?
You can have every confidence in the storage of your customers’ information in Jackrabbit. You will still be able to store their personal information as you do now because Jackrabbit’s data security and privacy protection measures have always surpassed the industry standard. Our EU GDPR compliance efforts will reinforce what is already strong. We are handling your customers’ data appropriately and in line with EU legal requirements.
Transparency on EU GDPR compliance efforts
Jackrabbit will be transparent about EU GDPR compliance efforts and will share information that you may find valuable about the EU GDPR as the details solidify.
Detailed EU GDPR information can be found at https://www.eugdpr.org.