General Data Protection Regulation
Skyline Whitespace’s commitment to GDPR
The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation will become effective and enforceable on the 25th May 2018.
Skyline Whitespace is fully committed to achieving compliance with the GDPR.
What are we doing about the GDPR?
Skyline Whitespace began to dedicate internal resources to the GDPR in December 2017. We did this because we value our customers rights to privacy.
Here’s a synopsis of what we have undertaken to ensure that your data is used appropriately:
- Researched the areas of our product and our business impacted by GDPR –
- Developed a strategy and requirements for how to address the areas of our product impacted by GDPR
- Review all existing contacts in our CRM and engage with agency to cleanse
- Feedback Consent Controls
- Suppression Controls
- Implemented the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR
I’m new to the GDPR and would love more details on what it is?
The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the the 1995 Data Protection Directive.
The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.
The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.
In summary, here are some of the key changes to come into effect with the upcoming GDPR:
- Expanded rights for individuals: The GDPR provides expanded rights for individuals in the European Union by granting them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.
- Compliance obligations: The GDPR requires organisations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
- Data breach notification and security: The GDPR requires organisations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organisations.
- New requirements for profiling and monitoring: The GDPR places additional obligations on organisations engaged in profiling or monitoring behaviour of EU individuals.
- Increased Enforcement: Under the GDPR, authorities can fine organisations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. Also, the GDPR provides a central point of enforcement for organisations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organisation that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organisation has a physical presence in the EU.
If you have any questions, please don’t hesitate to contact us at firstname.lastname@example.org