By now, you've probably heard of the General Data Protection Regulation (GDPR), one of the most significant pieces of data protection legislation ever enacted, which becomes enforceable on May 25, 2018. The GDPR is an attempt to strengthen, harmonise and modernise data protection law and to enhance individual rights and freedoms, consistent with the understanding of privacy as a fundamental human right. The GDPR applies to any organization that processes the personal data of people located in the EU, regardless of where that organization is based.
If you have users of your product or service in the EU, the GDPR will apply to you. You should consult with a GDPR specialist regarding the full scope of your compliance obligations.
With the GDPR come substantial financial penalties. Fines for non-compliance can reach 20 million euros (roughly 25 million dollars) or 4% of global annual turnover, whichever is higher.
WhatConverts welcomes the GDPR as an important step forward to enhance data protection across the EU and the globe and as an opportunity for us to strengthen our commitment to data protection. As such we have undertaken the following:
When we provide software and services to an enterprise, we’re acting as a ‘data processor’ for the personal data you ask us to process and store as part of providing the services to you. As a data processor, we only process personal data on your company’s authority and instructions.
As the ‘data controller’, you will determine the personal data we process and store on your behalf.
We understand that compliance with the GDPR requires a partnership between WhatConverts and our customers in their use of our services and we look forward to working with you on this important new regulation.
You will typically act as the data controller for any personal data you collect in connection with your business. The data controller determines the purposes and means of processing personal data: when you choose which of our services to use, you are deciding the purpose (what is done with the data) and the means (who does it on your behalf, i.e. WhatConverts).
Data controllers are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers' obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation and accuracy, as well as fulfilling data subjects' rights with respect to their data.
If you are a data controller, you may find guidance related to your responsibilities under GDPR by regularly checking the website of your national or lead data protection authority under the GDPR (as applicable) or going to https://www.eugdpr.org/.
You should also seek advice from a GDPR consultant relating to your status and obligations under the GDPR, as only a qualified specialist can provide advice specifically tailored to your situation. Please bear in mind that nothing on this website is intended to provide you with, or should be used as a substitute for, legal advice.
If you are a data controller, the following are some tips on where to start your compliance journey:
Again, do not take this as legal advice and we recommend you consult a specialist to obtain legal advice specifically applicable to your business circumstances.