The European Union General Data Protection Regulation (GDPR)Date: 20 February 2018
What is it?
The General Data Protection Regulation (GDPR) is a framework of policies on how organizations must protect the data privacy of individuals within the European Union (EU). These policies are currently governed by the Data Protection Directive (Directive 95/46/EC, established 1995). The GDPR goes into effect on May 25th, 2018 at which point Hey Oliver intends to be fully compliant with the requirements of the regulation.
Who does this impact?
The regulation impacts organizations that fulfill at least one of the following:
- • The organization is based in the EU and controls or processes personal data for individuals in the EU.
- • The organization controls or processes personal data for individuals residing in the EU.
- • Hey Oliver, as well as all marketing automation providers that have EU customers are therefore impacted by this regulation.
What do I need to do to prepare for GDPR?
No action is required from customers, specific to the data stored in the Hey Oliver platform. Hey Oliver intends to be compliant with all requirements for GDPR when it goes into effect on May 25th, 2018. If you use additional platforms that control or process personal data for individuals in the EU, reach out to your provider for guidance on what is required by your organization.
If you are an organization that controls or processes personal data for individuals in the EU, you should refer to the GDPR Key Changes for details on how this may impact your organization.
- • GDPR replaces the Data Protection Directive (Directive 95/46/EC) when it goes into effect on May 25th, 2018. The Data Protection Directive was established in 1995, and the reason for the push to GDPR are the vast changes that have occurred in technology and data since the time of its inception.
- • GDPR applies to all organizations that control or process personal data for individuals residing in the EU, regardless of the organization's location. Previously under the Data Protection Direction, there was ambiguity on applicability to organizations outside of the EU.
- • Valid consent must be explicit for collected data and the intended purpose. Using a confirmed opt-in list helps ensure compliance.
- • GDPR introduces Data Portability, requiring data controllers to provide individuals personal data concerning them in a commonly used and machine readable format.