Lately, we keep hearing about GDPR. So, apart from being a buzzword, GDPR stands for General Data Protection Regulation. Starting May 25, 2018, companies in the EU and companies that have customers in the EU are required to meet new regulations. These regulations have to do with methods of collecting, securing, and deleting personal information. If your company or your employees email EU residents or companies, GDPR is no longer a buzzword, it actually applies to you.
GDPR is here to protect the free exchange of personal data in the EU. The goal is to bring users to better understand who is processing their data, why their information is being processed, and take charge of their information, when and how it’s used or deleted from specified sources. Companies who will not follow these regulations will be subject to some serious fines.
So, how do we fit in? Well, you’ll be happy to hear that Impactia is well into implementation of procedures, documentation and controls so we can fully comply with the requirements of GDPR. Impactia will happily provide support to our customers on all GDPR matters, as increased process and compliance documentation is required in contractual arrangements that fall under the regulation.
GDPR defines two entities – Data Controllers, who own the data, and Data Processors, who exercise control of the data as part of a workflow and are still responsible for the data’s security. As for Impactia Intelligent Email and its customers, Impactia is a Data Processor while customers are Data Controllers.
Impactia, therefore, is required to ensure that all personal data will be processed in accordance with GDPR. The obligation to ensure that the processing of personal data is legal and transparent and ensure that data is properly and securely stored is on both Data Controllers and Data Processors.
How did we act upon the forthcoming GDPR? First, we took to our attention that data subjects have enhanced rights. They have the right to access their personal data that is held by Data Controllers. Also, data subjects should be able to get information about their personal data and how it’s being processed. They have the right to know for what purpose their information is processed, for how long it’s stored and the identity of the recipient of the registered person’s data etc.
Impactia is taking a full audit of all of our legal, technical and internal processes, so we can make sure all of our existing practices comply fully with GDPR.
We’re developing further data management features that will ensure that customers know that Impactia does not store more personal information than what’s necessary, nor does it store information indefinitely. In addition to our regular opt-out, customers can request to have their information deleted at any time, as well as viewing their stored data.
Impactia appointed a Data Protection Officer (DPO), a friendly contact for data privacy needs, which can be contacted via email.
For further question please contact WeCare@impactia.com