If you haven’t heard of the looming General Data Protection Regulation (GDPR), you’ve either been living under a rock, or you’ve been on a very long Internet-free sabbatical, of which if the latter is the case – insert envious comment here. For the many marketers, however, who have been inundated with information pertaining to GDPR and its upcoming enforcement date, I know many are still overwhelmed and confused about how best to prepare for the impending regulation.

Luckily, Folloze has been hard at work in preparation for the changing parameters surrounding the new data collection and management processes. Below, I’ll provide a clear overview of GDPR, its key requirements, and how we at Folloze are complying specifically with privacy rights, data collection, data storage/processing, and data incident processes. Buckle up, because ready or not – GDPR is here.

GDPR Overview

The EU General Data Protection Regulation is a new data protection law that comes into effect on May 25, 2018 and replaces the Data Protection Directive 95/46/EC. GDPR harmonizes data privacy laws across Europe, strengthens EU citizens’ data privacy and reshapes the way organizations across the region approach data privacy. GDPR also addresses the export of personal data outside the EU. Thus, it also applies to organizations located outside of the EU that offer goods or services to EU citizens. All companies processing and holding personal data of EU citizens, regardless of location, are subject to GDPR. However, since businesses typically operate across borders, it's difficult to find companies that has not invested in GDPR readiness.

GDPR Key Requirements

• ‍Privacy Rights –  Involves the rights of ‘data subject’ (a person) related to their personal data and includes the ability to access, correct, erase, export, and to object to it’s processing.
  
  
• ‍Data Collection & Processing – Requires providing of clear notice of data collection, the communicating of the processing purposes and use cases, and the definition of data retention and deletion policies.
  
  
• ‍Controls & Notifications – Enforces the ability to secure personal data with appropriate measures,  notify authorities of personal data breaches, develop a privacy incidents process, obtain appropriate consents, and keep records about data processing.
  
  
• ‍Training and Enablement – Commands the training of privacy personnel and employees, the auditing and updating of data policies, and the creation and management of compliant vendor contracts.

Folloze’s ‘Entity Level’ as Defined by GDPR

GDPR classifies organization into 2 categories:  

• ‍A data processor -  a company that processes data on behalf controllers, although controllers may also process data.
• ‍A data controller - a company that determines the purpose and means for the processing of personal data.

For clarification, Folloze is a data processor and our customers are data controllers. Our customers use our platform to collect and process EU citizen’s data and the PII (Personal Identifiable Information) data that we collect is considered basic: i.e. email, name, phone, etc.

Folloze is Fully Equipped for GDPR Compliance

While the above information can seem prodigious, rest assured that Folloze has taken every measure in order to ensure GDPR compliance for its customers. With regards to “Privacy Rights” for example, Folloze supports all the actions that a data subject can request, as well as, the ‘right to be forgotten’ so that whenever a request is submitted and validated, Folloze can execute the right processing including removing PII from its systems.

With regards to data collection, Folloze allows customers to define the messaging of how the person's data is being used and to request explicit opt-in. This messages can be localized for a language or a specific market. Plus, every collection is recorded for auditing purposes. Customers can link to their privacy terms and provide clear message of how the data is being processed. In relation to data storage and processing, Folloze always applies high security in storing data, including block-level storage encryption and offer a an optimized standard data retention policy. We also have an industry standard process of handling all privacy related issues and incidents.

Change is always difficult, when GDPR goes into effect, hopefully you’ll rest a little easier knowing that we have taken every step necessary to ensure both a smooth and compliant transition. If you have any specific questions, or for more information regarding Folloze GDPR compliance, please contact privacy@folloze.com.