You get it. We get it. Even people who aren't affected by it are talking about it. Everyone everywhere is discussing compliance and the new European Union GDPR (that's General Data Protection Regulation in case you missed it) is going into effect this week. That's right - this Friday, 25 May 2018. It has serious compliance implications for any organization collecting customer data. Which, well, is nearly everyone. At Absorb, we have been gearing up for GDPR. When it comes to your favorite eLearning solution we want you to know that we've got you covered.
Provide You with the Nitty Gritty You Say? Then Keep Reading...
The Transformation of How Personal Data is Defined
There are 6 categories of personal information that you should know about in this world of GDPR:
- Historical: An individual's personal history (duh).
- Financial: Financial accounts, ownership, transactions or credit information.
- Social: Personal or professional networks, family members, public life and communication.
- Tracking: Anything from computer devices like iPhones or laptops to contacts and location.
- External: Identifying information including ethnicity, sexuality, behaviour, medical history, etc.
- Internal: Knowledge and beliefs, passwords and identifiers and personal preferences.
New Organizational Requirements
There are plenty of factors to keep in mind when diving into GDPR. Here are 3 to get you started:
- Increased Geographic Scope: The new rules apply to any entity dealing with customers located in the European Union. It no longer matters where your company is located.
- Higher Penalties: Non-compliance is expensive (think really expensive) with fines totalling up to 4% of annual global turnover or 20 Million Euros, whichever is greater.
- Required User Consent: Stronger consent requirements, and greater rights for individuals mean significant planning for those collecting data.
The New Customer Rights Under GDPR
New customer rights are vast and include:
- Breach Notification: Timely notification of any data breach, now within 72 hours.
- Right to Access: Complete access to a copy of all collected data, free of charge.
- Right to be Forgotten: Ability to request erasure of all collected personal data.
- Data Portability: Ability to request data in a usable format to transmit to another provider.
- Privacy by Design: Expectation that providers will minimize data collection, retaining only what's essential for task completion.
- Data Collection Officers: Standardization of record keeping, and the potential appointment of a Data Protection Representative.
What Is a DPA and Where Can You Get One?
Sadly, you can't run to your local store and pick one up. If you are subject to GDPR, you will need to have an appropriate Data Processing Agreement (DPA) in place with some third-party companies you share data with.Companies like us - Absorb. You may want to send completed DPAs to compliance@absorblms.com if your organization is:
- Established in Europe and conducts business in Europe
- Established out of Europe and conducts business in Europe
Want more details about GDPR? Simply get in touch with our team at compliance@absorblms.com.