On May 25, 2018, the European Union introduces general rules for the protection of personal data, the EU General Data Protection Regulation (GDPR), which determine the procedure for processing personal data.
What does GDPR mean?
The GDPR is a set of rules for the protection of personal data that will apply in all EU countries. The GDPR replaces the 1995 Directive and introduces the most significant data protection changes of the past 20 years.
Technology changes rapidly, and the amount and types of information keep increasing. The goal of the GDPR is to introduce uniform standards in all EU countries, which will facilitate the international activities of firms, as well as to tighten control over personal data, providing all the tools for full control over personal information.
This means that you can better protect your personal data, and companies will have to follow the new rules.
How we store your data
Protecting personal information has always been a priority at GetResponse. When developing and implementing services and applications, as well as when administering the system, we strive to offer solutions that meet the most stringent standards in the industry. You can be sure that we take the issue of data processing very seriously and store personal information securely.
That is why we implemented the GDPR Compliance Implementation Plan last March, more than a year before the new rules came into force.
Our GDPR Plan
In March last year, we launched the plan and have practically implemented it! The first step was the creation of a specialized team to monitor the stages of work, led by our legal department and our information security officer, who will perform the functions of data protection officer (DPO) when the GDPR enters into force.
Our work includes the following:
- adoption of a common strategy to ensure that the GDPR rules are implemented;
- definition and audit of our practices in the field of personal data processing;
- creating a site for posting updates and rules for the protection of data, announcements and sources of information;
- creating a special email address to receive requests concerning data protection;
- changes to our services to comply with all the new rules concerning data protection;
- changes in internal and external procedures, confidential documents;
- appointing a personal data protection officer;
- compliance with approved rules or certification;
- final check.
Two points of our plan operate constantly and have always been an integral part of the GetResponse security policy:
- testing and verification of compliance.
We constantly hold training sessions and meetings to ensure that the information security team is always aware of new rules or changes, as well as the best security solutions.
Additionally, we are working on creating a walkthrough that will acquaint our clients with the GDPR in detail and explain how to prepare a GetResponse account in line with the new rules. (Note: the English manual is ready; you can download it here.)
Below you can find fragments that will help you understand the GDPR.
Will GDPR have an impact on my work?
If you are an operator of personal data or process personal data, you fall within the scope of the GDPR.
The GDPR concerns you if:
- you are the operator of personal data or process personal data and are in the EU,
- you are outside the EU but are processing data from EU citizens. This also applies if you sell goods or services (including those offered for free) or monitor the behavior of users located in the EU.
How can I find out if I offer products or services to EU citizens?
- You use the language or currency of one or several EU countries, helping people who live there to familiarize themselves with your offer;
- You mention clients or users that are located in the EU;
- You clearly target your offer to EU citizens.
On the other hand, you may not need to follow the rules if you only have a website, email address or other contact information that is available in the EU, or use a language that is in general use in your country (and not used in other EU countries).
How does the GDPR affect me?
It should be remembered that even before the GDPR, you had to follow the rules for processing personal information.
The GDPR simply means that data controllers should take a more serious approach to processing personal data within the law. They must also provide information on how the data is processed and ask for consent. If data processing is not carried out according to the established rules, they should notify the supervisory authorities and personal data subjects as soon as possible.
Unlike the previous rules, the GDPR directly addresses personal data processors and determines how they should act.
If you have a GetResponse account, you are the controller of your personal contact information. Therefore, it is you who decides why and how this information will be processed. This means that you are bound by the obligations of the GDPR.