On May 25, 2018, the EU General Data Protection Regulation (GDPR) will be in effect bringing new data protection rights for individuals in the European Union. If you collect personal data from candidates who reside in the EU, the GDPR applies to you. The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to greatly enhance the protection of the personal data of EU citizens and increase the obligations on organisations who collect or process personal data.
What is GDPR?
The GDPR (General Data Protection Regulation) is a new set of rules designed to give EU citizens more control over their personal data when granting permissions to use their personal information for a variety of reasons in exchange for services.This means that any EU based organization weather "controllers" or "processors" of data must be complaint before May 18th 2018
What steps are taken by PersistIQ to be complient with GDPR?
1. Updating our DPA
As these changes occur, our DPA has been revised to reflect changes related to GDPR. Please contact us at [email protected] to receive the DPA.
2. Controller and Data Processor
PersistIQ has taken great measures in defining our product to allow PersistIQ as Controller and as Processor in compliance with GDPR requirements updated to include the new, mandatory Processor provisions set out in Article 28 of the Regulation along with modifications needed for customer contracts who need to be GDPR ready by May 2018. The definitions of each Controller and Data processor are laid out in Article 4 of the General Data Protection Regulation.
Many of PersistIQ's users will be in the “Controller” category as they are collecting and using personal data about their prospects. PersistIQ falls under the “processor” category, therefore are required by the GDPR to place great care and importance when it comes to the security of the data that is shared by our clients.
What steps do users need to take?
- Review your current privacy notices and plan for any necessary changes to the GDPR implementation.
- Review how you record and manage consent and whether any changes are required such as refreshing existing consents that do not meet GDPR standards. Make sure the existing records are not outdated.
- Ensure that your data should only be used for the purposes specified in any agreements. Privacy notices should only solemnly transferred to third parties that are disclosed in the agreement.
- Keep a record of your activities. Keeping detailed records of work completed by your organization to fit GDPR standards is a great step when demonstrating your organizations compliance with GDPR.
What has changed?
- The GDPR now enables the the right for all of the information stored by any organization to be removed by controllers and processors. Controllers are now responsible for securely removing the information from their existing database and making sure that the data is deleted for the processors as well.
- GDPR now includes organizations who monitor emails of EU residents online. This includes recipients of such emails unambiguously consented to the monitoring of their behavior through the use of embedded tracking pixels.
- Once GDPR is in effect, organisations must report certain types of data breaches which involve unauthorized access to personal data. Organisations will be obligated to report any breaches which can result in damage reputation, loss of confidentiality or any other economic or social disadvantage.
If you have any questions about the GDPR or any questions regarding PersistIQ's security and privacy practices, please feel free to contact us directly via support.