You may have heard that there are new European regulations regarding the processing and protection of personal data, that all companies have to adhere to. We are also busy reviewing our operations in the light of GDPR. This article summarizes the measures GLI Solutions is taking to protect your personal data and how it will affect our communication.
What is GDPR?
The General Data Protection Regulation (GDPR) is a directive that harmonizes data privacy regulations across Europe, to protect all EU citizens data privacy and to reshape the way organizations approach data privacy. It’ enforcement date is the 25th May. By this time all organizations having a seat or operating within the EU need to comply with the regulations.
What does it mean for our company?
The new regulations require a different mindset regarding personal data handling. At all activities where personal data might be involved, we need to think ahead and determine whether it is really necessary to collect data, and which data do we really need. We also need to pay attention to ask for consent separately for each different purposes we plan to use the personal data for. We have to keep the user data up-to-date and delete any personal data after the goal of data collection has been accomplished. And last but not least, we have to be ready to provide the users information about how and which of their personal data do we keep and make modifications or deletion upon their request.
To help the organisation develop this mindset, we have nominated a Data Protection Officer that is responsible for the compliance with the legislation as well as for the training of our staff regarding GDPR.
Almost all of our departments are involved in the process. Sales, Marketing and HR mainly and of course the IT team that provides the technical background.
Marketing&Sales
Most of the requirements are not new for us. We’ve always paid much attention to the legal requirements regarding the usage of our websites, participation in our campaings and protecting personal data. All of our sites contain the necessary Terms of services, Cookie policies and we ask for consent regarding subscriptions. However, the new regulations are stricter then before, so we have to review all our documentation and also create some new.
GLI Solutions has 7 websites (incl. the company website, Térképem.hu and MAPCAT sites), and different marketing activities for each brand. Therefore we have to review all sites and all related activities, with special attention to the points where we collect personal data (e.g. newsletter, emails, online purchase, online marketing, analysis, etc.), and make changes when necessary.
HR
It has always been and will always be key to us to protect the personal data of our employees and applicants. So we pay special attention to comply with the local and European legislation regarding the personal data management of our colleagues. However, we might introduce new forms and ask for consent regarding the personal data management of applicants contacting us.
What steps do we take to comply?
- We have nominated a Data Protection Officer that is responsible for the complience with legislation and for training our staff regarding GDPR.
- We’ve renewed our internal policies and even created some new regarding personal data processing (Data Protection Policy, Personal Data Breach Notification Policy), that the whole company must follow.
- The whole team is busy reviewing all sources of personal data we collect and whether the information we provide to our users is extensive enough.
- We’re checking all our legal documentation – terms of services, privacy and cookie policies for each websites and correcting them if necessary.
What will it mean to our users?
First of all, more safety and transparency about the processing of their personal data. But, on the other hand, a bit more inconvenience due to new policies and checkboxes on each form of communication.
- We will introduce new cookie notifications on our websites;
- There will be more checkboxes on the webforms – e.g. when ordering products or subscribing to our newsletters;
- Contacts being in our database for some time will receive notification email and will be asked for renewing their consent for the data management.
- And in the unprobable event of data breach, the involved users will be notified as well.
Having many websites and various marketing activities, the changes will not come at once, but we are gradually updating all involved documents and sites.
One final notice:
The whole regulation came in effect to protect YOUR personal data. So please take care to read the privacy policies provided on the websites.