The EU General Data Protection Regulation (GDPR) became effective across all European Union member states on 25 May 2018. Widely described as the biggest reform of data protection legislation in over 20 years, GDPR created new responsibilities for data controllers and processors alike, and focuses on how you handle personal data. Companies based in the EU, and companies anywhere that process the personal data of individuals in the EU, need to comply fully with the regulation. You may therefore have been wondering how the new rules affect you as a business.
Resova has always respected our customers’ data: selling customer data to a third party is strictly forbidden.
Since GDPR came into effect, we at Resova have done everything within our power to keep customer data secure. To achieve that, we have adopted a number of policies to ensure that the requirements of GDPR are fully met.
Overview of GDPR
In terms of data protection regulation, GDPR is the biggest reform since the 1995 Data Protection Directive. It affects any business that is either based in the European Union or processes the personal data of individuals in the EU, and it grants those individuals specific rights over how their personal data is handled and stored. The GDPR provisions that affect our customers most are the following:
- Consent and transparency: Businesses must tell customers how their data will be stored and processed before it is collected, and where consent is relied on as the lawful basis for processing, that consent must be freely given, specific, informed and as easy to withdraw as it was to give.
- Right of Access: Customers have the right to confirm whether their data is being processed, to receive a copy of it, and to be told the purposes of the processing and whom it is shared with. A response is due without undue delay and in any event within one month of the request (extendable by a further two months for complex or numerous requests, provided the customer is told why within the first month).
- Right of Rectification: Inaccurate or incomplete personal data must be corrected without undue delay, and within the same one-month window, following a customer request.
- Right of Erasure: Customers can ask to have their personal data removed from business records, and the request must be acted on within the same one-month window. The right is not absolute: data that must be kept to meet a legal obligation, or that is needed to establish or defend legal claims, may be retained, and the customer should be told why.
What Resova Has Done to Be Compliant with GDPR
Resova took the necessary steps to ensure that we were fully GDPR compliant before the 25 May deadline, so that our EU-based customers could continue to use our service. The steps we have taken include the following:
- Reviewed our relationships with suppliers and third-party vendors to ensure that each of them is fully compliant with GDPR.
- Mapped how data is captured, and how it is stored and processed within our company.
- Reviewed our internal policies on accessing and processing data, including restricting who within our business can access data and under what circumstances.
- Implemented new product features that support our own GDPR compliance and let our merchants respond to customer requests for access to, rectification of, or erasure of their data.
Where Your Data is Stored
Resova ensures that the hosting providers and other cloud service providers we work with are themselves fully compliant with GDPR. Since before 25 May 2018, all personal data of individuals in the EU held by Resova has been stored in one of the following ways:
- Within the European Economic Area (EEA); or
- In a country the European Commission has found to provide adequate protection of personal data (at the time this included transfers to the US under the EU-US Privacy Shield; that framework was invalidated by the Court of Justice of the EU in July 2020, so any transfer that relied on it needs another lawful basis); or
- With a service provider with which we have an agreement incorporating the European Commission’s Standard Contractual Clauses (the "model contract clauses").
What More You Can Do
GDPR is a major and comprehensive reform of how personal data is stored and processed, so there are plenty of online resources at your disposal to help you understand how it affects your business. Reading the official guidance documents (for example those published by your national supervisory authority) is a good starting point, and consulting a lawyer or an advisor is worthwhile if you feel it is appropriate for your business.
Resova worked its way towards full GDPR compliance by taking each of the necessary steps, but you should not assume that your business is GDPR compliant by default simply because you use Resova. Every business subject to GDPR needs procedures in place to prevent personal data breaches and to detect and report them when they do occur (GDPR requires a breach to be reported to the supervisory authority within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to the individuals concerned). Here are some additional steps you can take as a business owner to work towards full compliance with GDPR:
- Contact any suppliers or other technology companies you work with to confirm that they have taken the steps to become GDPR compliant and handle your customers’ data appropriately.
- Review the permission level of each of your staff members on Resova, making sure that they can only access customer data as and when necessary.
- Ensure staff are fully aware of GDPR, so that their access to customer data is limited to the minimum necessary and inappropriate use of customer data does not occur.
- Review how personal customer data is handled and note any changes that need to be made to meet GDPR standards.
- Make sure you understand where customer data is stored on your systems, so that you can respond to customer requests to access or rectify their data.
- Keep a full record of the steps you have taken to meet the requirements of GDPR, and share them with your customers in writing.
We advise that you have a lawyer or a regulatory compliance consultant review your processes if you have any further questions about GDPR compliance, so that you fully understand the steps your business needs to take.