If you haven’t heard of the looming General Data Protection Regulation (GDPR), you’ve either been living under a rock, or you’ve been on a very long Internet-free sabbatical, of which if the latter is the case – insert envious comment here. For the many marketers, however, who have been inundated with information pertaining to GDPR and its upcoming enforcement date, I know many are still overwhelmed and confused about how best to prepare for the impending regulation.
Luckily, Folloze has been hard at work in preparation for the changing parameters surrounding the new data collection and management processes. Below, I’ll provide a clear overview of GDPR, its key requirements, and how we at Folloze are complying specifically with privacy rights, data collection, data storage/processing, and data incident processes. Buckle up, because ready or not – GDPR is here.
The EU General Data Protection Regulation is a new data protection law that comes into effect on May 25, 2018 and replaces the Data Protection Directive 95/46/EC. GDPR harmonizes data privacy laws across Europe, strengthens EU citizens’ data privacy and reshapes the way organizations across the region approach data privacy. GDPR also addresses the export of personal data outside the EU. Thus, it also applies to organizations located outside of the EU that offer goods or services to EU citizens. All companies processing and holding personal data of EU citizens, regardless of location, are subject to GDPR. However, since businesses typically operate across borders, it's difficult to find companies that has not invested in GDPR readiness.
GDPR classifies organization into 2 categories:
For clarification, Folloze is a data processor and our customers are data controllers. Our customers use our platform to collect and process EU citizen’s data and the PII (Personal Identifiable Information) data that we collect is considered basic: i.e. email, name, phone, etc.
While the above information can seem prodigious, rest assured that Folloze has taken every measure in order to ensure GDPR compliance for its customers. With regards to “Privacy Rights” for example, Folloze supports all the actions that a data subject can request, as well as, the ‘right to be forgotten’ so that whenever a request is submitted and validated, Folloze can execute the right processing including removing PII from its systems.
With regards to data collection, Folloze allows customers to define the messaging of how the person's data is being used and to request explicit opt-in. This messages can be localized for a language or a specific market. Plus, every collection is recorded for auditing purposes. Customers can link to their privacy terms and provide clear message of how the data is being processed. In relation to data storage and processing, Folloze always applies high security in storing data, including block-level storage encryption and offer a an optimized standard data retention policy. We also have an industry standard process of handling all privacy related issues and incidents.
Change is always difficult, when GDPR goes into effect, hopefully you’ll rest a little easier knowing that we have taken every step necessary to ensure both a smooth and compliant transition. If you have any specific questions, or for more information regarding Folloze GDPR compliance, please contact privacy@folloze.com.