GDPR

What is the GDPR?

The GDPR (General Data Protection Regulation) came into effect on May 25th, 2018. It is a European privacy regulation which replaced the current EU Data Protection Directive. The aim of the GDPR is to strengthen the privacy rights of EU individuals, place higher demands on how companies manage and protect personal information used in their businesses.

What are the key changes?

The basic idea behind the regulation is to adapt to the changes of the internet and other aspects that are different in our society compared to when previous rules were established back in 1995. You know, long before we were glued to our smart phones.

1. Consent - Conditions for consent have been strengthened. As businesses we need to be mindful of how we help people understand why we collect any information we need, keep the information safe and ensure that we only store this information for as long as we absolutely need it.
   
   
2. Increased geographical scope - Your company does not need to be based in the EU to be affected. Any company that have data that can be attributed to an EU individual needs to comply with the regulation, regardless if your company is based in the United States, India, Jamaica or somewhere else and don't have a physical presence in the EU. 
   
   
3. Data Protection Officer - Your company needs to have policies in place for how to manage GDPR compliance, a documented audit trail and a Data Protection Officer that is responsible for these internal processes.
   
   
4. Penalties - The GDPR has teeth, folks! Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). So do make sure you are prepared and that you are using GDPR-compliant software, such as Membrain.

That’s of course not all of it, and changes have been made with regards to data breaches, the individual's right to access, the individual’s right to be forgotten, data portability, and privacy by design. For more information on these changes, please visit: EUGDPR.org.

How does this affect you?

It's a lot to take in. We know. The oversimplified explanation is:

• Carefully consider the balance between consent and legitimate need for that information.
• Only save the information that you absolutely need to manage your business.
• Only save it for as long as you absolutely must have it.
• Information categorized as “sensitive information” is incredibly hard to defend against the GDPR and should be avoided by internal policies and audits.

What is Membrain doing to comply with GDPR?

Preparations are well underway to ensure that our products and services comply with the requirements of GDPR. Membrain is committed to ensure everyone's integrity and that our software makes it possible and easy(!) to live up to the GDPR requirements.

Our team is hard at work reviewing, updating and expanding our tools to help you manage your clients privacy and understand their choices with respect to their personal data.

Below are some specific examples of the changes made to the software itself:

• Right to be forgotten - Upon request you will be able to easily anonymize information recognizing the persons right to be forgotten.
  
  
• Request for access - Similar to above, when somebody requests to see all information you have saved on their person, you will be able to do that at the click of a button.

Additionally we are creating helpful resources for our customers on what to consider to be fully GDPR-compliant.