Our GDPR Plan: Everything You Need to Know
On May 25, 2018, the EU General Data Protection Regulation (GDPR) will change the way businesses handle your data. Here’s how we’ve been working to implement it.
What is GDPR?
GDPR is Europe’s new privacy law. Adopted in 2016, it replaces the outdated Data Protection Directive – marking the biggest change in data protection in 20 years.
In that time, technology has evolved rapidly. So too has the amount and type of data that now exists. GDPR aims to address that challenge, by harmonizing data privacy laws across Europe, making it easier to do business across borders – and giving you more control over your personal data.
That means more rights for you to guard your data – and new rules for the businesses that process it.
How we keep your data safe
Data security has always been our top priority here at GetResponse. When designing, deploying and maintaining our network, services and applications, we strive to offer solutions that meet the industry’s strictest privacy regulations. So you can be confident we take security seriously – and keep your data safe.
That’s why we adopted a GDPR Compliance Implementation plan in March of last year – more than a year before the new law becomes applicable.
Our GDPR plan
Last March we put our plan into action, and it’s nearly complete! The first step was to create a dedicated team to oversee the work that needed to be done, under the supervision of our Legal Team and our Information Security Officer, who will also be appointed our Data Protection Officer (DPO) when GDPR is enacted in May.
Here’s what we’ve been working on:
- Adopt an overall strategy for complying with GDPR
- Identify and audit our personal data processing practices
- Create a new privacy website where we’ll post data regulation updates, announcements, and resources
- Create a dedicated email address for data privacy enquiries
- Tweak our services to uphold all new rights of data subjects
- Change our internal and external procedures, and privacy documents
- Appoint a Data Protection Officer
- Adhere to an approved code of conduct or certification
- Carry out a final check
Two steps of our implementation plan are ongoing and have always been part of GetResponse's data security:
- Train staff
- Test and check our compliance
We run regular training and compliance sessions to make sure our information security team is always up-to-date on any new or changing regulations and best practices for data security.
To top it off, we’ve been working hard on a step-by-step guide to help you, our customers, learn more about GDPR and prepare your GetResponse account so you are compliant. It’s nearly complete and we’ll be sure to update this space when it is ready for download.
As a sneak peek, below is an excerpt from the guide so you can begin to get familiar with key points of the regulation and how you may be affected.
Does GDPR affect me?
GDPR may apply if you’re a data controller or data processor:
- based in the EU, even if you process data outside the EU.
- based outside the EU, but process personal data of EU residents. This applies if you sell goods or services (or offer them for free), or monitor people’s behavior within the EU.
How do you know if you offer goods or services to people in the EU?
- You use a language or currency common in one or more EU countries to help people who live there take up your offer.
- You mention customers or users who are in the EU.
- You clearly target your offer to people in the EU.
In this case, you’ll need to comply with GDPR.
On the other hand, you probably won’t need to comply if you simply have a website, email address, or other contact details that can be accessed in the EU – and the language is common to your country (and not to any EU member state).
How does GDPR affect me?
It’s worth keeping in mind that before GDPR, you still had to meet regulations when processing personal data.
GDPR simply means data controllers must make a greater effort to process personal data within the law. They also have to make it clear how data will be processed – and ask for consent. And if there’s a personal data breach, they need to notify the supervisory authorities and data subjects as soon as possible.
Unlike past laws, GDPR also refers directly to data processors – and outlines how they must now comply.
If you have a GetResponse account, you’re the controller of your contacts’ personal data. That’s because you decide why and how their information will be used. And that means you’re responsible and liable under GDPR.
Stay tuned! We’ll post the full guide and more updates very soon.
Questions or comments? Let us know in the comments section below how you are feeling about GDPR. You can also email our privacy experts directly with any questions.