If you take a look out of your window, you won’t see one of the biggest changes happening right now, because it’s happening on the digital, rather than the geographical, landscape. This seismic shift affects you, me, our company, and everyone who has any interest in data protection and online privacy…which is more or less everyone with a digital footprint, or a technology company such as ours.
Data protection, and this new legislation policing it, is monumental and far-reaching…
Put simply, it’s local, it’s global, it’s serious, and it’s worth discussing.
It’s not something that you will want to overlook, and it’s certainly something everyone at Appnovation is keeping up to date with. Whether it’s our clients’ data, or our ability to deliver a digital solution, which enables companies to protect their own information, Appnovation takes this issue seriously.
Essentially, and by way of an initial synopsis, the “GDPR framework will ensure that any private sector organization that carries out “regular and systematic monitoring of data subjects” (as part of its principal business activities) will be required to employ a DPO by the May 25th, 2018 enforcement date. This includes American and Canadian companies that routinely process large-scale or sensitive EU data*”.
One of the recent announcements made by the European Union is set to have a global reach with unprecedented regulations regarding data protection. Put simply, this is something which will affect every organization that processes EU citizens’ data, whether processed within or outside Europe. This is of particular significance to global companies, just like Appnovation.
The General Data Protection Regulation (GDPR) is a far-reaching piece of legislation and, as a company that champions open technologies, it is incumbent upon us to ensure that we are at the forefront of adopting and observing anything that keeps our own data, and that of our clients, inside a virtual Fort Knox.
When we work with clients, we obviously have access to the back end of their website which, in turn, means that we have access to information, often critical information. It is imperative that Appnovation have and maintain the trust of each and every client, specifically in terms of protecting their data.
The new GDPR legislation is ultimately concerned with data privacy in the EU, but, as shown in a recent white paper, companies such as ours, with a Canadian headquarters and North American offices in addition to our European and Asian presence, must take special notice: GDPR Applies to Many American and Canadian Companies....
Within the EU, businesses that collect individuals’ personal data are called “data controllers” and any use of personal data is called “processing.” Data controllers may use “data processors,” such as cloud service providers or billing companies to handle personal data. The individuals about whom data is collected are called “data subjects.” Historically, the Directive only applied to controllers of personal data.
However, GDPR’s expanded jurisdiction applies to the processing of personal data of all EU residents, even if the controller or processor is located outside of the EU. American and Canadian companies that sell goods and services to EU residents will be subject to GDPR.
Not only this, there is also the suggestion that companies may have to hire dedicated Data Protection Officers, adding another layer of complexity to this security. Appnovation already has stringent data protection policies in place, all of which are represented within client and project contracts.
That said, when collecting any and all data, be it from incoming marketing leads, direct email campaigns, or website inquiries, Appnovation will also need to consider another seminal element of this legislation, namely, the fact that companies will be required to obtain unambiguous consent when collecting EU personal data, from things such as ‘contact us’ forms, for example. “For websites, this will require the checking of a box or other technical configurations to clearly indicate the data subject’s acceptance of the terms of processing. Companies must also build in new personal data protections in the form of identity-masking techniques such as “pseudonymization,” which makes individual identification more difficult. Employees should be trained in these practices, and companies must regularly audit the data they maintain and document the reasons for its collection.”
Additionally, all uses of high risk data will be subject to a privacy impact assessment to account for the risks of processing and to identify potential safeguards.
Ultimately, Appnovation will not only be compliant with this legislation, we will continue to promote open technologies which deliver the ultimate in data privacy protection for ourselves, our clients, and all related parties.
*GDPR: A New Data Protection Landscape (White Paper, July 2017, https://focal-point.com)