As of May 2018, the General Data Protection Regulation (GDPR) is in force. Created by the European Parliament, the Council of the European Union and the European Commission, it is being imposed on all members, with the aim of creating a harmonised data protection law framework across the EU and giving citizens back control of their personal data. Strict rules are imposed on those hosting and 'processing' this data, anywhere in the world.
At iCapps, we deal with data in several ways. Like so many other companies, we have our own databases with personal information about employees and external contacts. For example, we use Bamboo to store employee information like addresses, personal email addresses, ... To give just a few examples of what the GDPR stipulates: we need to keep a detailed record of what kind of information we store on each platform, keep the information up to date and only store the information that we need for our purposes. We also need to be careful in how we use these data: for example, sharing people’s personal information without their explicit consent is not allowed.
But as a digital agency, we also often process data for our customers, making us so-called “processors”. And thirdly, we frequently work with other “processors” (parties who also deal with personal data). According to the GDPR, we bear the responsibility of verifying for ourselves that these companies are GDPR-compliant too. For example, it is our task to ensure that Amazon AWS, which we use to host several services for our customer, is compliant with the GDPR. (For those interested, information about Amazon AWS can be consulted here and here.)
Needless to say, we are taking the GDPR very seriously, and we are taking several steps to be compliant by May 2018!
To do so, we are assisted by the legal advisors at QuaData, who help us make sure that every aspect of our company is GDPR-compliant.
Here are some of the measures we are already taking:
- We are raising awareness within the company and sharing knowledge, so that our team knows the basic principles of the GDPR, knows which measures they themselves can take to contribute to our GDPR compliance and knows whom they can turn to if they have questions.
- We have set up a GDPR core team, who will be our in-house experts on the GDPR. They will be the central point of contact for our colleagues and customers when they have questions concerning the GDPR.
- We will be informing customers about the GDPR. While we cannot be legal advisors to our customers, as partners we can make sure that they are aware of the upcoming legislation, know where they can find information and legal advice (such as at QuaData), and know that we ourselves are compliant with the GDPR.
If any of our customers have questions about the GDPR, please feel free to reach out to us. We will be happy to reply to your questions or help you in finding information or assistance!