GDPR is just another acronym*.
...if you have worked as hard as we have, to achieve maximum transparency and control for our users.
What is GDPR?
The Data Protection framework for companies has always been much needed.
Starting May 25th, 2018, under the GDPR, all businesses monitoring, storing, managing, and handling European citizens’ personal data must do so in the most transparent ways. At the same time, European citizens maintain maximum control over the personal data they have shared. Moosend has been GDPR-compliant since late 2017 and below are the major changes we have implemented in our crystal clear practices.
GDPR: What's the buzz for?
The GDPR harmonizes the different data privacy laws across European countries.
Instead of being intimidated by naysayers, stay in the know: the GDPR empowers European citizens and gives them control over the processing of their personal data.
It’s not set to destroy businesses, but rather, reward the ones engaging in good practices.
The General Data Protection Regulation is here.
Your security matters to us. This is why we have appointed a dedicated DPO from within the company to cater to all your data protection needs.
What is a DPO?
To achieve GDPR compliance it is key to appoint a person to oversee all data-protection related procedures.
A Data Protection Officer:
• Is knowledgeable about all aspects of GDPR
• Does not receive instructions regarding the performance of their duties
• Does not report to a direct superior (other than top management)
• Has full access to all necessary resources within the organization needed to complete their tasks
• Has the authority to investigate personal-data-related operations
Your Point of Contact
A DPO is your key point of contact within a company.
It is a DPO's primary responsibility to ensure data protection compliance throughout the organization. Another aspect of their role is that DPOs handle, and advise the company on how to handle, any data-protection-related complaints or requests.
At all times, they ensure that users/customers (data subjects) stay well informed of their rights, while maintaining that all employees handling personal data are aware of their obligations and responsibilities. Last, it is the company DPO that will cooperate with the data protection authority, if need be.
WHAT WAS THERE BEFORE GDPR?
The GDPR succeeds the EU directive, which is still in effect at the moment. The primary difference between the directive and the regulation is that the former can be opted out of. The GDPR, however, is a mandatory regulation and applies to all.
WHY MUST WE COMPLY WITH GDPR?
The digital landscape is no longer what it used to be 10 years ago; it has changed radically. In that light, what "personal data" stood for back then no longer covers privacy completely. As a case in point, online banking details, medical information and IP addresses are all part of the new definition of personal data.
IS COMPANY DATA CONSIDERED PERSONAL?
While company data is not personal, employee data is. For example, an employee's position in the organization, or billing information of an employee are considered personal data.
WE ARE A B2B COMPANY - MUST WE BE GDPR-COMPLIANT, TOO?
As long as you access, process, and store company-related data alone, the GDPR does not affect you. Do keep in mind, however, that any data you keep that might relate to one's personal, professional, or public life is considered personal data. For instance, a General Manager's signature on a contract could be considered personal data, as their position in the company would be revealed. Therefore, it's best to think twice before choosing not to comply with the GDPR.
CAN YOU PROVIDE SOME EXAMPLES OF MARKETING PRACTICES WHICH ARE ABOUT TO CHANGE UNDER THE GDPR?
One example could be that some very popular contests on social media will no longer require participants to subscribe to the company newsletter in order to join. Another example would be that companies, rather than presenting users with just one, all-inclusive checkbox, will need to provide separate checkboxes for users to, say, i) accept the terms, ii) certify their age, and iii) receive further communication from the company.
IS THERE A THIRD PARTY TO CERTIFY US FOR GDPR COMPLIANCE?
No, there isn't. What you must do is check with your legal attorney and then do everything in your power to render your processes transparent for GDPR compliance.