GDPR goes into effect on May 25. Do you know what it is?
If you’re in the U.S., maybe not. But this policy is already shaping the way companies around the globe are handling sensitive information—which could include yours.
GDPR stands for the General Data Protection Regulation, a sweeping new set of laws under the European Union. They standardize and modernize how individuals and organizations may obtain, use, store and eliminate personal data (information that could be used on its own or in conjunction with other data to identify an individual). Any organization that processes the personal data of EU citizens, regardless of where the data is processed, is subject to the law.
While many current provisions remain in place, the law builds upon them with:
- An expansion of the scope of data protection regulations (the law now extends to both the processors of data and the controllers)
- Expansion of individual rights
- Expansion of definitions of personal and sensitive data
- Stricter personal information consent requirements
- Stricter personal information processing requirements
The new regulations apply to any organization that handles the data of European citizens (no matter where they are based) or anyone else living in Europe—U.S. citizens included.
Granicus has been diligently working to ensure all our systems are ready for GDPR. Rather than roll out separate policies for EU and non-EU customers, we have decided to extend the EU’s personal data requirements to everyone.
All of our solutions have always complied with data protection laws. But we’re also strengthening them to meet these new protections:
- We have improved the sign-up process for citizens subscribing to our clients’ services, creating even clearer links to privacy policies and opt-in statements
- We are honoring the “right to erasure,” also known as the “right to be forgotten,” while retaining clients’ ability to interrogate message and engagement data
- We are reviewing our internal processes, procedures and responsibilities to ensure they all meet GDPR’s requirements
Want more resources on GDPR? Check out these links from our Granicus UK site [Please note that the tips here may not apply to your organization, but they do represent best practices for handling personal data]: