The arrival of the General Data Protection Regulation, or GDPR, is imminent – May 25, 2018, to be exact.
By now you’ve heard of GDPR, but what you may not know is that it impacts companies both inside and outside of the EU. When the EU passed GDPR in April 2016, it created a new set of rules designed to give the citizens of the EU more control over their own personal data and reshape the way organisations across the European Union approach data privacy. But since compliance was required of any company (regardless of company location) that offered goods and services to customers or businesses in the EU, the EU provided a two-year window to build the necessary infrastructure.
Since its inception as an email service provider in 2000 and its growth into data analytics, Fishbowl has always taken great care in the protection and safekeeping of customer data, including complying with all privacy laws. As a result, a number of protections have already been in place for many years including:
- Only accepting Opt-in, permission-based customer data from clients
- Providing One-click unsubscribe functionality on all emails
- Adherence to currently applicable data privacy guidelines in the UK and US
The passage of GDPR requires greater transparency around how customer data is handled and used. As a GDPR Data Processor, our company made a commitment to compliance by creating a cross-functional team, drawn from all levels of the organisation, comprising IT, Legal, Product, Integrations, Engineering and Client Services. The team has been collaborating over the past year to analyse the requirements and subsequently enhance our products, functionality, policies, contracts, internal processes and documentation.
In addition, our Client Services team has been working closely with our UK clients to assist with evaluating and updating their customer sign-up and opt-in data collection methods. In the process, we’ve assessed customer list permission status and helped determine those requiring updates or new processes; advised others on updating privacy policies; and implemented plans for responding to subject access, data amendment, unsubscribe and data deletion requests.
The team will ensure that by May 25, 2018, we have:
- Completed an internal Data Protection Impact Assessment (DPIA)
- Applied for a Privacy Shield Certification
- Updated our documentation and processes regarding data storage and handling
- Ensured the new privacy requirements regarding rights, consent and transparency are on all client-facing products and systems
- Put in place the proper systems to enable data subjects to request copies of their data, amend it, unsubscribe from any mailings they may receive, or delete their profile entirely, with a focus on transparency and ease of use
All this is being done so that our trusted clients, partners and vendors will be able to say they have met the privacy and security standards necessary to be GDPR compliant.
Visit our website for more details on GDPR and our compliance efforts.
This blog was written by Jo Fontaine, Managing Director, Fishbowl UK