GDPR

Everything you MUST know about this new regulation

What is the GDPR?

The GDPR (General Data Protection Regulation) will come into effect on May 25th, 2018. It is a new European privacy regulation which will replace the current EU Data Protection Directive. The aim of the GDPR is to strengthen the privacy rights of EU individuals and to place higher demands on how companies manage and protect the personal information used in their businesses.

What are the key changes?

The basic idea behind the regulation is to adapt to the changes of the internet and other aspects that are different in our society compared to when previous rules were established back in 1995. You know, long before we were glued to our smart phones.

  1. Consent - Conditions for consent have been strengthened. As businesses we need to be mindful of how we help people understand why we collect any information we need, keep the information safe and ensure that we only store this information for as long as we absolutely need it.

  2. Increased geographical scope - Your company does not need to be based in the EU to be affected. Any company that holds data that can be attributed to an EU individual needs to comply with the regulation, regardless of whether your company is based in the United States, India, Jamaica or somewhere else and has no physical presence in the EU.

  3. Data Protection Officer - Your company needs to have policies in place for how to manage GDPR compliance, a documented audit trail and a Data Protection Officer that is responsible for these internal processes.

  4. Penalties - The GDPR has teeth, folks! Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). So do make sure you are prepared and that you are using GDPR-compliant software, such as Membrain.

That’s of course not all of it, and changes have been made with regards to data breaches, the individual's right to access, the individual’s right to be forgotten, data portability, and privacy by design. For more information on these changes, please visit: EUGDPR.org.

What information is affected by GDPR?

The GDPR regulates the “processing” of data for EU individuals. This means collection, storage, transfer or use of information that can be directly or indirectly attributed to an individual. What’s considered “personal data” is very broad and covers any information relating to an identified or identifiable individual such as:

  • Names
  • E-mail
  • Phone number
  • Photos
  • Addresses
  • Etc, etc...

What's considered "Sensitive Data"?

According to the GDPR, there are a number of categories of data that receive special protection, called sensitive data. These are:

  • Race or ethnic origin
  • Political opinions, religious or philosophical beliefs
  • Memberships in unions
  • Processing of genetic data
  • Biometric data to uniquely identify a person
  • Health data
  • Information on the sex life or sexual orientation of a person

How does this affect you?

It's a lot to take in. We know. The oversimplified explanation is:

  • Carefully consider the balance between consent and legitimate need for that information.
  • Only save the information that you absolutely need to manage your business.
  • Only save it for as long as you absolutely must have it.
  • Information categorized as “sensitive information” is incredibly hard to justify under the GDPR and should be avoided through internal policies and audits.

What is Membrain doing to comply with GDPR?

Preparations are well underway to ensure that our products and services comply with the requirements of the GDPR. Membrain is committed to ensuring everyone's integrity and that our software makes it possible and easy(!) to live up to the GDPR requirements.

Our team is hard at work reviewing, updating and expanding our tools to help you manage your clients' privacy and understand their choices with respect to their personal data.

Below are some specific examples of the changes made to the software itself:

  • Right to be forgotten - Upon request you will be able to easily anonymize information, recognizing the person's right to be forgotten.

  • Request for access - Similar to above, when somebody requests to see all information you have saved on their person, you will be able to do that at the click of a button.

Additionally we are creating helpful resources for our customers on what to consider to be fully GDPR-compliant.

Where can I learn more about the GDPR?

Great question! For more information, the following pages have a lot of helpful resources to learn more:

GDPR website - The official GDPR website doesn't offer a ton of content, but what is there is incredibly helpful.

The official regulation PDF - Why not go directly to the source? The regulation itself is surprisingly easy to read and digest.

Wikipedia - Of course Wikipedia has a page for this, and being Wikipedia it's been curated over and over to provide a pretty helpful starting point.