On May 25, 2018, the General Data Protection Regulation (GDPR), a European privacy law that sets a high standard for privacy and compliance, will go into effect.
If you’re a marketer, you already know about this. But you might be wondering how LeanData is handling this situation. Good news: we’ve been preparing for GDPR compliance for some time, and LeanData will be GDPR compliant well before the May 25 deadline.
Today, I’ll cover a few frequently asked questions to help address your GDPR concerns.
What’s the GDPR?
The GDPR is a European Union-created privacy law that regulates how individuals and organizations can collect, record, store or erase personal data. It was adopted in April 2016, but enforcement begins on May 25, 2018.
Will the GDPR apply to my business?
All organizations that process the personal data of EU citizens, even if they aren’t based in the European Union, will need to become GDPR-compliant, which means providing expanded rights to individuals and being stricter on consent and processing requirements.
What does “processing” mean in this context?
The GDPR states that processing is “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
It’s a broad description, so if at any point your business or your customers touch the personal data of EU citizens, you fall under the GDPR’s wording.
Do I need to comply?
Non-compliance sanctions can be up to 20 million euros, or 4 percent of global annual turnover, whichever is higher.
What is the difference between a data processor and a data controller?
A controller determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.
What steps is LeanData taking to be compliant?
At LeanData, we’ve been anticipating GDPR since before GDPR was announced. In fact, LeanData’s products have never stored personally identifiable information (PII). That data stays within customers’ Salesforce instances and will only be processed within those Salesforce organizations, as LeanData is a Salesforce partner with a 100% native managed application.
Meanwhile, we’ve been reviewing our internal data processes and systems for full compliance by May 25, including reviewing our vendors and requesting DPAs for compliance. We’re also reviewing our lead processes to ensure explicit consent has been collected for marketing-related data going forward.
Bottom line, LeanData has always taken its customers’ privacy extremely seriously, and GDPR only validates our belief that privacy is paramount with any data. If you have specific questions about the GDPR and your use of LeanData, you can e-mail firstname.lastname@example.org.