The General Data Protection Regulation (GDPR) is set to come into force on May 25, 2018. This date marks an important deadline not only for companies from the European Union, but also for those that merely deal with EU-located customers. A new set of data privacy requirements has to be met by the May deadline.
Zeropark is well aware of the steps that are necessary to comply with the GDPR, and is on its way to being fully compliant by May 25. Now, it’s time for you to meet the requirements.
The GDPR in a Nutshell
The GDPR is on everybody’s lips at the moment, but taking your time to prepare for the new regulation should prevent this hot topic from turning into a nasty scorch.
First off, let’s make it clear that the GDPR is not a revolutionary regulation. It’s an evolution of the EU’s current Data Protection Directive (DPD), which was introduced in 1995. The GDPR will replace the DPD, and significantly expand the set of rules for data protection.
The GDPR’s main objective is to improve the protection and security of EU citizens’ personal data.
The regulation is set to impose restrictions on companies which collect and/or process personal data, under the threat of harsh penalties for violation of the rules.
What you need to keep in mind is that the GDPR concerns both the companies located in the EU and the ones from outside of the Union which control or process personal data of people located in the EU.
Companies that fall under the new regulation must obtain a legal basis for controlling and processing each person’s data.
Controllers and Processors
Zeropark has deployed a dedicated team and undergone an audit, to make sure that we are GDPR-compliant before the deadline.
The regulation, however, postulates the existence of two parties sharing the responsibility for data security – data controllers and data processors.
As a Zeropark customer, you are a data controller. It’s your obligation to determine the reason for processing the data that you collect.
As Zeropark, we are a processor – on your behalf, we process the personal data that you control.
Our obligation, as a data processor, is to deliver a GDPR-compliant platform to you by May 25. You will receive a new terms and conditions agreement and we have also come up with a Data Processing Agreement to give you contractual protection. Both of the documents will be available and applicable before the deadline.
As a data controller, you have to determine and obtain a legal basis for controlling and processing data.
Privacy by Design
Even though we are very much anticipating the GDPR, we have already made sure to secure the privacy of data, by utilizing different technologies and procedures.
For starters, we rely only on the most secure vendors, who are fully GDPR-compliant and ensure the highest data security level. That’s why we use secure cloud servers, including Amazon’s AWS, to store data. AWS is compliant with standards that include PCI-DSS, HIPAA/HITECH, FedRAMP, the EU Data Protection Directive, and FISMA. Additionally, it’s compliant with ISO 27017 and ISO 27018. To further secure the data stored by our vendors, we always sign appropriate data protection agreements.
To foster the security of processed data, we use Secure Sockets Layer (SSL) encryption. This cryptographic protocol, often used by banks, takes care of the security of data transferred over a computer network. This means that the connection between your browser and our servers is safe, thanks to the SSL encryption.
All the third-party APIs and SDKs which we work with need to meet strict security standards as well. These APIs and SDKs include, for example, our customer support ticketing system.
To top things off, we constantly train our 100+ top-notch developers to produce code which is extremely secure. We even have a security-dedicated team. To further emphasize data security, we have now appointed a Data Protection Officer.
Here’s What You Need to Do
To help you become GDPR-compliant, we’ve drawn up this short list of points to check off before May 25.
- Determine a legal basis for processing personal data that falls under the GDPR. Check whether the new regulation requires your visitors’ consent to process their data or whether there is another legal basis for you to do it, like a legitimate interest (learn more here). If you do not have a legal basis to process data, don’t process it until you have one.
- Make sure that your privacy notices are updated to reflect the changes brought by the GDPR. Try to improve the transparency of these messages and explain how you process data. Think about any optional privacy preferences that you may wish to grant your visitors.
- Figure out a way for users to be able to access their data.
- Finally, check the regulation again, to make sure that you don’t have anything to worry about before May 25. Additionally, you can take a look at the GDPR Frequently Asked Questions.
Remember, you can count on us to help you better understand our role as a data processor and the means of becoming GDPR-compliant.
And, when May 25 comes, simply enjoy running Zeropark campaigns as much as you have already!