With the European Union’s General Data Protection Regulation (GDPR) deadline fast approaching, our team has seen an influx of customer queries regarding how GDPR will affect both national and international teams, and what Dialpad is doing to promote compliance. In order to answer these questions it’s helpful to start with what GDPR is and why it was adopted in the first place.
GDPR was adopted by the European Parliament in April 2016 to replace the existing EU Data Protection Act, a law that was implemented long before modern cybersecurity and privacy concerns. GDPR aims to protect the privacy of EU citizens by regulating:
- - How businesses can collect personally identifiable information, such as names, addresses, email addresses, location data, IP addresses, and private health information.
- - What responsibilities these businesses have once data has been collected.
- - How data should be handled once it is no longer relevant for its intended use.
Once the new law goes into effect on May 25, 2018 it will directly impact hundreds of thousands of businesses that currently collect personal data or behavioral information from EU citizens. This is an important distinction to note, because it means even businesses based outside of the European Union will be subject to compliance or they’ll risk hefty financial penalties. As a company that serves many customers within the EU, we at Dialpad are included in that group and are actively taking steps to update our products and processes to be compliant by the May 25th deadline. Some of these specific steps include:
- - Clarifying our privacy policies and contractual documents to ensure transparency with customers regarding how their data is transmitted, stored, and removed.
- - Implementing transparent consent mechanisms to ensure current and prospective customers are aware of what their consent means, as well as the ability to request data removal at will.
- - Updating and enhancing data breach notification policies in line with the GDPR’s notification guidelines in the event of a data breach.
At the end of the day, we want to assure our customers that GDPR is not something to be afraid of, it’s a good thing! It will fundamentally reshape the way organizations approach data privacy for the better, and empower consumers to exercise more control over how their data is used.