Over the last few months, GDPR has grown to become one of the primary concerns of businesses in the EU, and a talking point across the globe. Following a series of gargantuan data leakage scandals involving such media giants as Facebook, the issue has escalated to touch upon the interests of any user of any digital product or service, anywhere in the world.
So what is GDPR?
Strictly speaking, the General Data Protection Regulation, or GDPR, is a set of European Union laws regulating the ways user data is gathered, processed, and distributed online. With so many apps, services, and software products being marketed, companies are gathering excessive amounts of data by which a user can be identified, and such data nowadays equals gold in the digital world.
This information can include name, credit card information, geographical data, online identifiers, biometric data, and any information on the user’s identity (physical, physiological, genetic, intellectual, economic, cultural, social, racial, sexual, religious, political, ethnic, labor, or any other). All of the above falls under GDPR legislation and is therefore protected from unauthorized usage.
While the Directive of the EU Parliament on the protection of personal data and the first iteration of the GDPR have been in operation for years, as of May 25th, 2018, new legislation will be enacted, introducing several important updates businesses should comply with.
Let’s briefly take a look at these changes:
- First and foremost, the new laws are becoming extraterritorial. This means that they touch upon any organization providing services or distributing products to EU citizens, regardless of the business’s actual or legal address. In other words, even if your company is located or officially registered, say, in China, if you are serving the EU market, the laws still apply, and you should abide by them. No exclusions.
- The responsibility for violating the rules of data processing imposed by GDPR has been tightened. Organizations that contravene these rules will be fined €20 million, or 4% of their global yearly income.
- GDPR also applies to organizations that monitor the behavior of data subjects. This means that companies that were created outside the EU, but still track EU citizens’ digital activity, or use any processing methods to profile data on the subjects (including their activity or personal identity), must comply with GDPR.
Needless to say, the commotion around this topic has unsettled many users, raising concerns about the privacy of their own data and about how the organizations they are already involved with will handle the data they already possess.
How does NerdPeople handle personal data?
Here at NerdPeople, we value trust relationships with our clients above all. Since we provide a wide spectrum of digital services, and never employ a one-size-fits-all approach, delivering high-quality solutions would be impossible without access to the relevant user data. However, we also understand that there is no better way to lose trust than to misuse the information that you willingly agree to share with us. Your customer experience has always been, and still remains, our ultimate concern.
Hence, we strictly follow all of the principles of GDPR compliance:
- Lawfulness, fairness and transparency. We will clearly inform you which information we need, why we need it, where exactly it will be used, and how we will process it. Most importantly, we’ll deliver the message in a language you won’t have to decipher.
- Purpose limitations. We will only gather the data we need to complete the task, and only use this data for the purposes we declare.
- Data minimization. We will not gather excessive volumes of data, just the minimum we need to deliver our solutions.
- Accuracy. If some of the personal data we gather is inaccurate, we will inform you, and you will decide whether this data should be corrected or deleted.
- Storage limitations. We will store the data for the exact time period we agree upon with you, which equals the amount of time we require to carry out the task.
- Integrity and confidentiality. All of the data you share with us is secured and protected, and we guarantee it will remain so throughout our partnership. We ensure no unauthorized or illegal processing, damaging, breach, or removal of your data occurs.
The fundamentals of NerdPeople data processing:
- We will only gather and process your information after we receive your authorization. We will always provide a transparent option to agree or refuse to share the data.
- You can always request that we provide any information on our data gathering and processing mechanisms (which data we gather, for which purpose, how we obtain and handle it, where it is processed, and who has access to it).
- At any point in time, you can request us to stop processing your data, or erase it from our database completely.
- Upon your request, we can provide a free electronic copy of your data to third-party organizations.