May 25, 2018, is a much-anticipated deadline for countless companies around the world. When the General Data Protection Regulation (GDPR) comes into effect, all companies and institutions within the European Union (EU), or dealing with customers from the EU, have to meet the new requirements for data privacy.
Voluum has taken all the necessary steps to comply with the GDPR. It’s high time to make sure you’re compliant as well.
What is the GDPR?
Even though the GDPR is one of the hottest topics globally at the moment, it is nothing more than a tempest in a teapot if you have taken the time to prepare properly.
As you probably realize, the EU already has a set of rules for data protection. It’s called the Data Protection Directive (DPD) and was issued in 1995. Now, the GDPR is set to replace it.
As a replacement for the DPD, the GDPR will mainly serve as an update and an expansion of the current directive. Here’s what it aims to achieve:
First and foremost, the goal of the GDPR is to enhance the protection of the personal data of EU citizens. It also imposes restrictions on companies that collect or process this kind of data. Additionally, it involves harsher-than-ever penalties for any violations in this field.
What is really important here is that the GDPR affects not only companies within the EU but also those located outside the EU that collect and use personal data from people in the EU (EU-located visitors).
In practice, one of the biggest changes that the GDPR imposes on data-collecting companies is the necessity to obtain a legal basis for processing personal data.
What’s more, the GDPR will allow customers to request a copy of their data from companies and to receive it, in most cases, free of charge. They’ll also have the right to ask for the removal of their data and they can withhold their consent for data processing.
More information about the key changes brought by the GDPR can be found here.
Shared Responsibility for Data Security
Voluum has undergone an audit, and our GDPR-dedicated team will make sure we’re fully compliant before the May 25 deadline.
In the GDPR, however, companies are divided into data controllers and data processors, and both share the responsibility for data security.
Controllers are the ones who collect the data and determine the reason for processing it. This is you – a Voluum customer.
Processors (Voluum in this case), on the other hand, are the ones who process the data on behalf of the controllers.
As a data processor, our obligation is to provide you with a GDPR-compliant platform. That’s why Voluum enforces data privacy by design. By May 25, you will have received our updated terms and conditions, so you can see what has changed.
With that said, Voluum has already been incorporating various technologies and procedures to ensure the high security of the personal data processed with our platform.
Principally, we rely only on secure vendors who process personal data in compliance with the GDPR and ensure an appropriate security level. In that context, we use only secure cloud servers, including Amazon’s AWS, for storing data. AWS meets a variety of security standards, such as PCI-DSS, HIPAA/HITECH, FedRAMP, the EU Data Protection Directive, and FISMA. It’s also ISO 27017 and ISO 27018 compliant. Additionally, we have an appropriate data protection agreement with our vendors.
Then, by default, we use Transport Layer Security (TLS) encryption. TLS is a cryptographic protocol that secures data transferred over a computer network. In other words, the connection between your browser and our servers is encrypted. This also encompasses the tracking of your campaigns.
Further security enhancements include the use of front-end and back-end firewalls. These monitor and control incoming as well as outgoing network traffic. In practice, they block any unauthorized attempts to access data.
Moreover, we work only with third-party APIs and SDKs that have the highest security standards. We rely on external companies, for instance, to deliver the customer support ticketing system.
Additionally, we are training our employees to produce not just quality code but code that is secure. Our company employs over a hundred outstanding developers and an entire team dedicated to security. We’ve also appointed a Data Protection Officer to make sure we emphasize personal data protection and stay GDPR compliant.
Finally, we have also drawn up a GDPR-compliant Data Processing Agreement to give you contractual protection. The documents, available soon, will be applicable by May 25.
As a data controller, however, you must determine and obtain the legal basis for controlling the data and sending it through Voluum.
Voluum has introduced two new features to secure data privacy.
The first one is IP Anonymization. Click here to find out more about it.
The other is the Opt-Out option – a cookie allowing end users of your campaigns to reject tracking. You can read more about this feature by clicking here.
What Do I Need to Do?
Here is a short “to do” list for you to make sure you comply with the GDPR.
- Determine the lawful basis for processing personal data that fall under the new regulation. In particular, you need to check whether the GDPR requires you to obtain visitors’ consent or whether there is another legal basis for processing the data, such as a legitimate interest (learn more here). Remember, do not process any data for which you do not have a lawful basis.
- Update your privacy notices to reflect the changes introduced by the GDPR and improve their transparency. Explain how you use tracking services or cookies technology. You may also wish to give your visitors optional privacy preferences.
- Determine a way for users to access their data.
- Double-check the regulation to make sure you’re fully compliant. Additionally, check out the GDPR Frequently Asked Questions.
When the dust settles, remember we’re here to assist you with any inquiries you may have about our role as a data processor as well as how we can help you stay GDPR-compliant.
So keep calm, and enjoy tracking with Voluum once the GDPR is in force as much as you have so far!