Blog

Is Your Business Prepared for the GDPR?

January 11, 2018

Disclaimer: This article is not intended to serve as legal advice. If you're preparing to comply with the GDPR, it's up to you and your own legal counsel to determine how these privacy laws apply to your specific business.

On May 25, 2018, the most significant update to EU data privacy law in more than 20 years takes effect. The EU General Data Protection Regulation (GDPR), adopted to harmonize data protection rules across Europe and strengthen the rights of individuals in the EU, is forcing businesses to closely examine and improve their data management practices.

The EU Parliament approved the GDPR in 2016 after four years of preparation and debate, and the May 2018 application date comes at the end of a two-year transition period. Even so, many businesses are still working to bring their practices into compliance. Is your business prepared?

If you collect, process, or store the personal data of individuals in the EU, you're obligated to comply with the GDPR. To help you fast-track your preparations, here's a crash course on the GDPR.

What You Should Know about the GDPR

The GDPR is a single EU regulation that mandates transparent and secure handling of the personal data of individuals in the EU. It protects personal data, such as names and email addresses, and applies stricter rules to special categories of data (often called sensitive data), such as biometric identifiers used to identify a person, health data, and political opinions. It also gives individuals rights over their data, including the right to access it, correct it, and have it erased. If you're looking to get up to speed on the GDPR, here are three things to note:

  1. Its impact is more widespread than you might think.
  2. The consequences for noncompliance are hefty.
  3. The provisions fall into four high-level categories.

Let’s explore these areas a bit further.

1. Impact

Compliance with the General Data Protection Regulation is not limited to businesses located within the European Union. The GDPR applies to any organization that collects, processes, or stores personal data of people who are in the EU. Even if your business is based in the United States or somewhere else outside the EU, you're still subject to the GDPR if you offer products or services to people in the EU (whether or not payment is required) or monitor their behavior, for example through website analytics or tracking cookies. The test is where the individual is, not their citizenship: a U.S. citizen living in Germany is covered, and a German citizen living in Texas generally is not.

2. Consequences

If your business fails to comply with the GDPR after May 25, 2018, it could be very costly. For the most serious infringements, organizations can be fined up to 4% of their total worldwide annual turnover for the preceding financial year or €20 million, whichever is greater. A lower tier of up to 2% or €10 million applies to other failures, such as not keeping records of processing or not notifying a breach. Beyond fines, supervisory authorities can order you to suspend processing altogether, and individuals who suffer damage can claim compensation. Many observers also expect enforcement to be assertive early on to push companies toward compliance quickly.

3. Provisions

The overarching principle behind the GDPR is transparent data handling that gives users control over their data. The main provisions within the legislation can be grouped into four high-level categories: communications, consent, data security, and breach notifications.

First and foremost, the GDPR mandates transparency and clarity for all communications related to the collection of personal data. This means anytime you collect information from people in the EU, you must ensure they know exactly how you plan to use it. What is the purpose and lawful basis for collecting it? Where will it be stored, and for how long? Will it be transferred to a third party or outside the EU? You're obligated to answer these questions and more, in plain language, at the time you collect the data. You also need documented privacy policies that can be accessed and understood with ease.

Along with clear communications, you must obtain opt-in consent wherever consent is the lawful basis for your processing. Gone are the days when it's okay to pre-select the email consent box and offer opt-out consent; pre-ticked boxes, silence, and inactivity do not count. Consent must be freely given, specific, informed, and unambiguous, given by a clear affirmative action, and the request must be clearly distinguishable from other matters rather than buried in terms of service. You must be able to demonstrate that consent was given (keep a record of who consented, when, and to what wording), and withdrawing consent must be as easy as giving it. You're also obligated to inform users of their right to access their information or withdraw consent at a later date. Additionally, if your organization wants to use collected data for a purpose that was not defined at the time of original consent, you must get updated consent from affected users.

Note that consent is only one of the lawful bases the GDPR recognizes. Processing that is necessary to perform a contract with the individual, to meet a legal obligation, or for your legitimate interests (balanced against the individual's rights) does not require consent, and relying on consent where another basis fits better creates problems of its own, since the individual can withdraw it at any time. Decide on the lawful basis for each processing activity and document it.

Secure handling of collected data is also a big piece of the GDPR. To comply with the law, your organization must implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, destruction, or alteration, both in storage and in transit. The Regulation itself names pseudonymization and encryption, the ability to maintain the confidentiality, integrity, availability, and resilience of processing systems, the ability to restore availability and access after an incident, and regular testing and evaluation of those measures. Your processors (hosting providers, SaaS vendors, and the like) must be bound by contract to the same standard. You must also have a documented data retention policy that states how long your organization will retain a person's information and provides lawful business reasons for the retention period; data that is no longer needed for a stated purpose must be deleted or anonymized.

Should a data breach occur, your organization has a much greater notice obligation under the GDPR than under most other data privacy legislation. If there is any loss, alteration, destruction, or unauthorized access to or disclosure of the personal data you control, you must notify the supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the affected individuals. Where the breach is likely to result in a high risk to them, you must also inform the affected individuals without undue delay. A processor that discovers a breach must notify the controller without undue delay, and every breach, reported or not, must be recorded internally with its facts, effects, and the remedial action taken. In practice this means you need an incident response plan, with named owners and a decision process for the risk assessment, before the 72-hour clock ever starts.

What You Should Know about the Privacy Shield

If you own or operate an American business, you should be aware of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. The EU-U.S. framework essentially replaces the previous Safe Harbor arrangement, under which businesses self-certified that they provided adequate protection for personal data transferred from the EU to the United States.

The General Data Protection Regulation restricts transfers of personal data out of the EU to countries the European Commission has found to provide an adequate level of protection, or to recipients covered by another approved safeguard. The United States as a whole has no adequacy decision, so a U.S. company receiving EU personal data needs one of those safeguards. Privacy Shield certification is one of them: a U.S. organization self-certifies to the U.S. Department of Commerce that it follows the framework's principles, and its EU partners can then transfer data to it. Standard contractual clauses (the "model clauses") and, for intra-group transfers, binding corporate rules are the main alternatives. Thus, if you are a U.S. company affected by the GDPR, you must be able to point to a valid transfer mechanism, whether Privacy Shield or another approved safeguard, for every flow of EU personal data into the United States, and state which one you use in your privacy notice.

How to Ensure Your Organization is in Compliance

To transition your organization to compliance with the GDPR by May 25, 2018, you'll need to walk through several (likely cumbersome) steps. To make it easier, the Information Commissioner's Office in the United Kingdom put together a 12-step guide to preparing for the GDPR. Here are a few of the key tasks you need to complete:

  • Audit your data management practices. What personal data do you have? Where is it stored, including backups and third-party services? Who do you share it with, and does it leave the EU? What is your lawful basis for processing each category of it? Record the answers; the GDPR requires most organizations to keep a written record of their processing activities.
  • Ensure you have the necessary policies and procedures in place. Is your privacy policy accurate, accessible, and easy to understand? Does it cover all user rights? Do you have a data retention policy? Do you have a procedure in place for providing requested access to information within the one-month deadline? Do you have defined procedures for preventing, detecting, and addressing data breaches, including the 72-hour notification? Do your contracts with processors contain the required data protection terms?
  • Update your forms to include proper consent language. Is your intended use of the collected data apparent? Is there a clear, unticked opt-in checkbox, separate from acceptance of your terms? Have you given users enough information to consent, and do you record the consent you receive?

Conclusion

The General Data Protection Regulation is forcing businesses to adopt best practices in data management as they work toward responsible, transparent data handling. While bringing your business into compliance likely won't be an easy road, being a part of a unified data security scheme will be beneficial. In fact, according to Amy Saunders, media law expert and Northwestern University in Qatar associate professor, "the GDPR is certainly the most stringent mechanism for data privacy protection...so any business that is preparing to comply with the GDPR should be in good stead throughout the world with data privacy."

Formstack has always made every effort to protect the personal data of EU citizens through previous Safe Harbor legislation and model clause updates. As such, we plan to be in full compliance with the GDPR by May 25.

Blog

Is Your Business Prepared for the GDPR?

Blog

Is Your Business Prepared for the GDPR?

Panelists
No items found.
Introduction

Great, thank ya!

You can now access the content.
Download NowDownload Now
Oops! Something went wrong while submitting the form.

Disclaimer: This article is not intended to serve as legal advice. If you're preparing to comply with the GDPR, it's up to you and your own legal counsel to determine how these privacy laws apply to your specific business.On May 25, 2018, the most impactful data privacy law update in 20 years will take effect. The EU General Data Protection Regulation (GDPR)—developed to harmonize data privacy rules across Europe and provide heightened protection for EU citizens—is forcing businesses to closely examine and enhance their data management practices.The EU Parliament approved the GDPR after four years of preparation and debate, and the 2018 enforcement date comes after a two-year post-approval grace period. Even so, many businesses are still working to bring their practices into compliance. Is your business prepared?If you collect, process, or store the personal data of EU citizens, you’re obligated to comply with the GDPR legislation. To help you fast-track your preparations, here’s a crash course on the GDPR.

What You Should Know about the GDPR

The GDPR is a set of regulations that mandate highly transparent and secure collection of EU citizens’ data. The legislation protects personal data, such as names and email addresses, as well as sensitive data, such as biometric identifiers and political views. It also gives users control over their data. If you’re looking to get up to speed on the GDPR, here are three things to note:

  1. Its impact is more widespread than you might think.
  2. The consequences for noncompliance are hefty.
  3. The provisions fall into four high-level categories.

Let’s explore these areas a bit further.

1. Impact

Compliance with the General Data Protection Regulation is not limited to businesses located within the European Union. The GDPR applies to any organization that collects, processes, or stores personal data from those in the EU. Even if your business is based in the United States or somewhere else outside the EU, you’re still subject to the GDPR regulations if you offer products or services to EU citizens.

2. Consequences

If your business fails to comply with the GDPR after the May 2018 enforcement date, it could cost you detrimentally. Organizations found in breach of GDPR laws could be fined up to 4% of their global annual turnover or €20 million—whichever is greater. Additionally, there is much speculation that enforcement will be heavy-handed early on to encourage companies to become compliant quickly.

3. Provisions

The overarching principle behind the GDPR is transparent data handling that gives users control over their data. The main provisions within the legislation can be grouped into four high-level categories: communications, consent, data security, and breach notifications.First and foremost, the GDPR mandates transparency and clarity for all communications related to the collection of personal data. This means anytime you collect information from EU citizens, you must ensure they know exactly how you plan to use their information. Where will it be stored? Will it be transferred to a third party? You’re obligated to answer these questions and more. You also need to have documented privacy policies that can be accessed and understood with ease.Along with clear communications, you must provide users with opt-in consent. Gone are the days when it’s okay to pre-select the email consent box to offer opt-out consent. With the new laws, users have to provide distinguishable consent for your business to use their information, and the consent language must be informed, specific, and unambiguous. You’re also obligated to inform users of their right to access their information or withdraw consent at a later date. Additionally, if your organization wants to use collected data for a purpose that was not defined at the time of original consent, you must get updated consent from affected users.

consent

Secure storage of collected data is also a big piece of the GDPR. To comply with the law, your organization must implement appropriate security measures to protect stored data from unauthorized access, disclosure, destruction, or alteration. You must also have a documented data retention policy that states how long your organization will retain a person’s information and provides lawful business reasons for the retention period.Should a data breach occur, your organization has a much greater notice obligation under the GDPR than other data privacy legislation. If there is any sort of loss, alteration, destruction, or unauthorized access of the personal data you control, your organization must notify authorities of the breach within 72 hours.

What You Should Know about the Privacy Shield

If you own or operate an American business, you should be aware of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. The EU-U.S. framework essentially replaces the previous data privacy and protection standards known as Safe Harbor, which certified that businesses were providing adequate protection of personal data transferred from the EU to the United States.The General Data Protection Regulation mandates that personal data leaving the EU only be transferred to countries that have adequate data protection laws—or laws that provide protections similar to those laid out in the GDPR. The Privacy Shield allows U.S. organizations and their EU partners to comply with this piece of the GDPR. Thus, if you are a U.S. company affected by the GDPR, you must also ensure you are in line with the Privacy Shield in order to be in full compliance with the GDPR.

How to Ensure Your Organization is in Compliance

To transition your organization to compliance with the GDPR by May 25, 2018, you’ll need to walk through several (likely cumbersome) steps. To make it easier, the Information Commissioner’s Office in the United Kingdom put together a 12-step guide to preparing for the GDPR. Here are a few of key tasks you need to complete:

  • Audit your data management practices. What data do you have? Where is it stored? Do you share it with anyone? Do you have a lawful reason for collecting it?
  • Ensure you have the necessary policies and procedures in place. Is your privacy policy accurate, accessible, and easy to understand? Does it cover all user rights? Do you have a data retention policy? Do you have a procedure in place for providing requested access to information? Do you have defined procedures for preventing and addressing data breaches?
  • Update your forms to include proper consent language. Is your intended use of the collected data apparent? Is there a clear opt-in section? Have you given users enough information to consent?

Conclusion

The General Data Protection Regulation is forcing businesses to adopt best practices in data management as they work toward responsible, transparent data handling. While bringing your business into compliance likely won’t be an easy road, being a part of a unified data security scheme will be beneficial. In fact, according to Amy Saunders, media law expert and Northwestern University in Qatar associate professor, “the GDPR is certainly the most stringent mechanism for data privacy protection...so any business that is preparing to comply with the GDPR should be in good stead throughout the world with data privacy.”Formstack has always made every effort to protect the personal data of EU citizens through previous Safe Harbor legislation and model clause updates. As such, we plan to be in full compliance with the GDPR by May 25.

Panelists
No items found.
Infographic

Is Your Business Prepared for the GDPR?

Find out what you should know, how you should prepare for the new data privacy laws and how to ensure your organization is in compliance.
Download InfographicDownload Infographic

Disclaimer: This article is not intended to serve as legal advice. If you're preparing to comply with the GDPR, it's up to you and your own legal counsel to determine how these privacy laws apply to your specific business.On May 25, 2018, the most impactful data privacy law update in 20 years will take effect. The EU General Data Protection Regulation (GDPR)—developed to harmonize data privacy rules across Europe and provide heightened protection for EU citizens—is forcing businesses to closely examine and enhance their data management practices.The EU Parliament approved the GDPR after four years of preparation and debate, and the 2018 enforcement date comes after a two-year post-approval grace period. Even so, many businesses are still working to bring their practices into compliance. Is your business prepared?If you collect, process, or store the personal data of EU citizens, you’re obligated to comply with the GDPR legislation. To help you fast-track your preparations, here’s a crash course on the GDPR.

What You Should Know about the GDPR

The GDPR is a set of regulations that mandate highly transparent and secure collection of EU citizens’ data. The legislation protects personal data, such as names and email addresses, as well as sensitive data, such as biometric identifiers and political views. It also gives users control over their data. If you’re looking to get up to speed on the GDPR, here are three things to note:

  1. Its impact is more widespread than you might think.
  2. The consequences for noncompliance are hefty.
  3. The provisions fall into four high-level categories.

Let’s explore these areas a bit further.

1. Impact

Compliance with the General Data Protection Regulation is not limited to businesses located within the European Union. The GDPR applies to any organization that collects, processes, or stores personal data from those in the EU. Even if your business is based in the United States or somewhere else outside the EU, you’re still subject to the GDPR regulations if you offer products or services to EU citizens.

2. Consequences

If your business fails to comply with the GDPR after the May 2018 enforcement date, it could cost you detrimentally. Organizations found in breach of GDPR laws could be fined up to 4% of their global annual turnover or €20 million—whichever is greater. Additionally, there is much speculation that enforcement will be heavy-handed early on to encourage companies to become compliant quickly.

3. Provisions

The overarching principle behind the GDPR is transparent data handling that gives users control over their data. The main provisions within the legislation can be grouped into four high-level categories: communications, consent, data security, and breach notifications.First and foremost, the GDPR mandates transparency and clarity for all communications related to the collection of personal data. This means anytime you collect information from EU citizens, you must ensure they know exactly how you plan to use their information. Where will it be stored? Will it be transferred to a third party? You’re obligated to answer these questions and more. You also need to have documented privacy policies that can be accessed and understood with ease.Along with clear communications, you must provide users with opt-in consent. Gone are the days when it’s okay to pre-select the email consent box to offer opt-out consent. With the new laws, users have to provide distinguishable consent for your business to use their information, and the consent language must be informed, specific, and unambiguous. You’re also obligated to inform users of their right to access their information or withdraw consent at a later date. Additionally, if your organization wants to use collected data for a purpose that was not defined at the time of original consent, you must get updated consent from affected users.

consent

Secure storage of collected data is also a big piece of the GDPR. To comply with the law, your organization must implement appropriate security measures to protect stored data from unauthorized access, disclosure, destruction, or alteration. You must also have a documented data retention policy that states how long your organization will retain a person’s information and provides lawful business reasons for the retention period.Should a data breach occur, your organization has a much greater notice obligation under the GDPR than other data privacy legislation. If there is any sort of loss, alteration, destruction, or unauthorized access of the personal data you control, your organization must notify authorities of the breach within 72 hours.

What You Should Know about the Privacy Shield

If you own or operate an American business, you should be aware of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. The EU-U.S. framework essentially replaces the previous data privacy and protection standards known as Safe Harbor, which certified that businesses were providing adequate protection of personal data transferred from the EU to the United States.The General Data Protection Regulation mandates that personal data leaving the EU only be transferred to countries that have adequate data protection laws—or laws that provide protections similar to those laid out in the GDPR. The Privacy Shield allows U.S. organizations and their EU partners to comply with this piece of the GDPR. Thus, if you are a U.S. company affected by the GDPR, you must also ensure you are in line with the Privacy Shield in order to be in full compliance with the GDPR.

How to Ensure Your Organization is in Compliance

To transition your organization to compliance with the GDPR by May 25, 2018, you’ll need to walk through several (likely cumbersome) steps. To make it easier, the Information Commissioner’s Office in the United Kingdom put together a 12-step guide to preparing for the GDPR. Here are a few of key tasks you need to complete:

  • Audit your data management practices. What data do you have? Where is it stored? Do you share it with anyone? Do you have a lawful reason for collecting it?
  • Ensure you have the necessary policies and procedures in place. Is your privacy policy accurate, accessible, and easy to understand? Does it cover all user rights? Do you have a data retention policy? Do you have a procedure in place for providing requested access to information? Do you have defined procedures for preventing and addressing data breaches?
  • Update your forms to include proper consent language. Is your intended use of the collected data apparent? Is there a clear opt-in section? Have you given users enough information to consent?

Conclusion

The General Data Protection Regulation is forcing businesses to adopt best practices in data management as they work toward responsible, transparent data handling. While bringing your business into compliance likely won’t be an easy road, being a part of a unified data security scheme will be beneficial. In fact, according to Amy Saunders, media law expert and Northwestern University in Qatar associate professor, “the GDPR is certainly the most stringent mechanism for data privacy protection...so any business that is preparing to comply with the GDPR should be in good stead throughout the world with data privacy.”Formstack has always made every effort to protect the personal data of EU citizens through previous Safe Harbor legislation and model clause updates. As such, we plan to be in full compliance with the GDPR by May 25.

Disclaimer: This article is not intended to serve as legal advice. If you're preparing to comply with the GDPR, it's up to you and your own legal counsel to determine how these privacy laws apply to your specific business.On May 25, 2018, the most impactful data privacy law update in 20 years will take effect. The EU General Data Protection Regulation (GDPR)—developed to harmonize data privacy rules across Europe and provide heightened protection for EU citizens—is forcing businesses to closely examine and enhance their data management practices.The EU Parliament approved the GDPR after four years of preparation and debate, and the 2018 enforcement date comes after a two-year post-approval grace period. Even so, many businesses are still working to bring their practices into compliance. Is your business prepared?If you collect, process, or store the personal data of EU citizens, you’re obligated to comply with the GDPR legislation. To help you fast-track your preparations, here’s a crash course on the GDPR.

What You Should Know about the GDPR

The GDPR is a set of regulations that mandate highly transparent and secure collection of EU citizens’ data. The legislation protects personal data, such as names and email addresses, as well as sensitive data, such as biometric identifiers and political views. It also gives users control over their data. If you’re looking to get up to speed on the GDPR, here are three things to note:

  1. Its impact is more widespread than you might think.
  2. The consequences for noncompliance are hefty.
  3. The provisions fall into four high-level categories.

Let’s explore these areas a bit further.

1. Impact

Compliance with the General Data Protection Regulation is not limited to businesses located within the European Union. The GDPR applies to any organization that collects, processes, or stores personal data from those in the EU. Even if your business is based in the United States or somewhere else outside the EU, you’re still subject to the GDPR regulations if you offer products or services to EU citizens.

2. Consequences

If your business fails to comply with the GDPR after the May 2018 enforcement date, it could cost you detrimentally. Organizations found in breach of GDPR laws could be fined up to 4% of their global annual turnover or €20 million—whichever is greater. Additionally, there is much speculation that enforcement will be heavy-handed early on to encourage companies to become compliant quickly.

3. Provisions

The overarching principle behind the GDPR is transparent data handling that gives users control over their data. The main provisions within the legislation can be grouped into four high-level categories: communications, consent, data security, and breach notifications.First and foremost, the GDPR mandates transparency and clarity for all communications related to the collection of personal data. This means anytime you collect information from EU citizens, you must ensure they know exactly how you plan to use their information. Where will it be stored? Will it be transferred to a third party? You’re obligated to answer these questions and more. You also need to have documented privacy policies that can be accessed and understood with ease.Along with clear communications, you must provide users with opt-in consent. Gone are the days when it’s okay to pre-select the email consent box to offer opt-out consent. With the new laws, users have to provide distinguishable consent for your business to use their information, and the consent language must be informed, specific, and unambiguous. You’re also obligated to inform users of their right to access their information or withdraw consent at a later date. Additionally, if your organization wants to use collected data for a purpose that was not defined at the time of original consent, you must get updated consent from affected users.

consent

Secure storage of collected data is also a big piece of the GDPR. To comply with the law, your organization must implement appropriate security measures to protect stored data from unauthorized access, disclosure, destruction, or alteration. You must also have a documented data retention policy that states how long your organization will retain a person’s information and provides lawful business reasons for the retention period.Should a data breach occur, your organization has a much greater notice obligation under the GDPR than other data privacy legislation. If there is any sort of loss, alteration, destruction, or unauthorized access of the personal data you control, your organization must notify authorities of the breach within 72 hours.

What You Should Know about the Privacy Shield

If you own or operate an American business, you should be aware of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. The EU-U.S. framework essentially replaces the previous data privacy and protection standards known as Safe Harbor, which certified that businesses were providing adequate protection of personal data transferred from the EU to the United States.The General Data Protection Regulation mandates that personal data leaving the EU only be transferred to countries that have adequate data protection laws—or laws that provide protections similar to those laid out in the GDPR. The Privacy Shield allows U.S. organizations and their EU partners to comply with this piece of the GDPR. Thus, if you are a U.S. company affected by the GDPR, you must also ensure you are in line with the Privacy Shield in order to be in full compliance with the GDPR.

How to Ensure Your Organization is in Compliance

To transition your organization to compliance with the GDPR by May 25, 2018, you’ll need to walk through several (likely cumbersome) steps. To make it easier, the Information Commissioner’s Office in the United Kingdom put together a 12-step guide to preparing for the GDPR. Here are a few of key tasks you need to complete:

  • Audit your data management practices. What data do you have? Where is it stored? Do you share it with anyone? Do you have a lawful reason for collecting it?
  • Ensure you have the necessary policies and procedures in place. Is your privacy policy accurate, accessible, and easy to understand? Does it cover all user rights? Do you have a data retention policy? Do you have a procedure in place for providing requested access to information? Do you have defined procedures for preventing and addressing data breaches?
  • Update your forms to include proper consent language. Is your intended use of the collected data apparent? Is there a clear opt-in section? Have you given users enough information to consent?

Conclusion

The General Data Protection Regulation is forcing businesses to adopt best practices in data management as they work toward responsible, transparent data handling. While bringing your business into compliance likely won’t be an easy road, being a part of a unified data security scheme will be beneficial. In fact, according to Amy Saunders, media law expert and Northwestern University in Qatar associate professor, “the GDPR is certainly the most stringent mechanism for data privacy protection...so any business that is preparing to comply with the GDPR should be in good stead throughout the world with data privacy.”Formstack has always made every effort to protect the personal data of EU citizens through previous Safe Harbor legislation and model clause updates. As such, we plan to be in full compliance with the GDPR by May 25.


Disclaimer: This article is not intended to serve as legal advice. If you're preparing to comply with the GDPR, it's up to you and your own legal counsel to determine how these privacy laws apply to your specific business.On May 25, 2018, the most impactful data privacy law update in 20 years will take effect. The EU General Data Protection Regulation (GDPR)—developed to harmonize data privacy rules across Europe and provide heightened protection for EU citizens—is forcing businesses to closely examine and enhance their data management practices.The EU Parliament approved the GDPR after four years of preparation and debate, and the 2018 enforcement date comes after a two-year post-approval grace period. Even so, many businesses are still working to bring their practices into compliance. Is your business prepared?If you collect, process, or store the personal data of EU citizens, you’re obligated to comply with the GDPR legislation. To help you fast-track your preparations, here’s a crash course on the GDPR.

What You Should Know about the GDPR

The GDPR is a set of regulations that mandate highly transparent and secure collection of EU citizens’ data. The legislation protects personal data, such as names and email addresses, as well as sensitive data, such as biometric identifiers and political views. It also gives users control over their data. If you’re looking to get up to speed on the GDPR, here are three things to note:

  1. Its impact is more widespread than you might think.
  2. The consequences for noncompliance are hefty.
  3. The provisions fall into four high-level categories.

Let’s explore these areas a bit further.

1. Impact

Compliance with the General Data Protection Regulation is not limited to businesses located within the European Union. The GDPR applies to any organization that collects, processes, or stores personal data from those in the EU. Even if your business is based in the United States or somewhere else outside the EU, you’re still subject to the GDPR regulations if you offer products or services to EU citizens.

2. Consequences

If your business fails to comply with the GDPR after the May 2018 enforcement date, it could cost you detrimentally. Organizations found in breach of GDPR laws could be fined up to 4% of their global annual turnover or €20 million—whichever is greater. Additionally, there is much speculation that enforcement will be heavy-handed early on to encourage companies to become compliant quickly.

3. Provisions

The overarching principle behind the GDPR is transparent data handling that gives users control over their data. The main provisions within the legislation can be grouped into four high-level categories: communications, consent, data security, and breach notifications.First and foremost, the GDPR mandates transparency and clarity for all communications related to the collection of personal data. This means anytime you collect information from EU citizens, you must ensure they know exactly how you plan to use their information. Where will it be stored? Will it be transferred to a third party? You’re obligated to answer these questions and more. You also need to have documented privacy policies that can be accessed and understood with ease.Along with clear communications, you must provide users with opt-in consent. Gone are the days when it’s okay to pre-select the email consent box to offer opt-out consent. With the new laws, users have to provide distinguishable consent for your business to use their information, and the consent language must be informed, specific, and unambiguous. You’re also obligated to inform users of their right to access their information or withdraw consent at a later date. Additionally, if your organization wants to use collected data for a purpose that was not defined at the time of original consent, you must get updated consent from affected users.

consent

Secure storage of collected data is also a big piece of the GDPR. To comply with the law, your organization must implement appropriate security measures to protect stored data from unauthorized access, disclosure, destruction, or alteration. You must also have a documented data retention policy that states how long your organization will retain a person’s information and provides lawful business reasons for the retention period.Should a data breach occur, your organization has a much greater notice obligation under the GDPR than other data privacy legislation. If there is any sort of loss, alteration, destruction, or unauthorized access of the personal data you control, your organization must notify authorities of the breach within 72 hours.

What You Should Know about the Privacy Shield

If you own or operate an American business, you should be aware of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. The EU-U.S. framework essentially replaces the previous data privacy and protection standards known as Safe Harbor, which certified that businesses were providing adequate protection of personal data transferred from the EU to the United States.The General Data Protection Regulation mandates that personal data leaving the EU only be transferred to countries that have adequate data protection laws—or laws that provide protections similar to those laid out in the GDPR. The Privacy Shield allows U.S. organizations and their EU partners to comply with this piece of the GDPR. Thus, if you are a U.S. company affected by the GDPR, you must also ensure you are in line with the Privacy Shield in order to be in full compliance with the GDPR.

How to Ensure Your Organization is in Compliance

To transition your organization to compliance with the GDPR by May 25, 2018, you’ll need to walk through several (likely cumbersome) steps. To make it easier, the Information Commissioner’s Office in the United Kingdom put together a 12-step guide to preparing for the GDPR. Here are a few of key tasks you need to complete:

  • Audit your data management practices. What data do you have? Where is it stored? Do you share it with anyone? Do you have a lawful reason for collecting it?
  • Ensure you have the necessary policies and procedures in place. Is your privacy policy accurate, accessible, and easy to understand? Does it cover all user rights? Do you have a data retention policy? Do you have a procedure in place for providing requested access to information? Do you have defined procedures for preventing and addressing data breaches?
  • Update your forms to include proper consent language. Is your intended use of the collected data apparent? Is there a clear opt-in section? Have you given users enough information to consent?

Conclusion

The General Data Protection Regulation is forcing businesses to adopt best practices in data management as they work toward responsible, transparent data handling. While bringing your business into compliance likely won’t be an easy road, being a part of a unified data security scheme will be beneficial. In fact, according to Amy Saunders, media law expert and Northwestern University in Qatar associate professor, “the GDPR is certainly the most stringent mechanism for data privacy protection...so any business that is preparing to comply with the GDPR should be in good stead throughout the world with data privacy.”Formstack has always made every effort to protect the personal data of EU citizens through previous Safe Harbor legislation and model clause updates. As such, we plan to be in full compliance with the GDPR by May 25.

Disclaimer: This article is not intended to serve as legal advice. If you're preparing to comply with the GDPR, it's up to you and your own legal counsel to determine how these privacy laws apply to your specific business.On May 25, 2018, the most impactful data privacy law update in 20 years will take effect. The EU General Data Protection Regulation (GDPR)—developed to harmonize data privacy rules across Europe and provide heightened protection for EU citizens—is forcing businesses to closely examine and enhance their data management practices.The EU Parliament approved the GDPR after four years of preparation and debate, and the 2018 enforcement date comes after a two-year post-approval grace period. Even so, many businesses are still working to bring their practices into compliance. Is your business prepared?If you collect, process, or store the personal data of EU citizens, you’re obligated to comply with the GDPR legislation. To help you fast-track your preparations, here’s a crash course on the GDPR.

What You Should Know about the GDPR

The GDPR is a set of regulations that mandate highly transparent and secure collection of EU citizens’ data. The legislation protects personal data, such as names and email addresses, as well as sensitive data, such as biometric identifiers and political views. It also gives users control over their data. If you’re looking to get up to speed on the GDPR, here are three things to note:

  1. Its impact is more widespread than you might think.
  2. The consequences for noncompliance are hefty.
  3. The provisions fall into four high-level categories.

Let’s explore these areas a bit further.

1. Impact

Compliance with the General Data Protection Regulation is not limited to businesses located within the European Union. The GDPR applies to any organization that collects, processes, or stores personal data from those in the EU. Even if your business is based in the United States or somewhere else outside the EU, you’re still subject to the GDPR regulations if you offer products or services to EU citizens.

2. Consequences

If your business fails to comply with the GDPR after the May 2018 enforcement date, it could cost you detrimentally. Organizations found in breach of GDPR laws could be fined up to 4% of their global annual turnover or €20 million—whichever is greater. Additionally, there is much speculation that enforcement will be heavy-handed early on to encourage companies to become compliant quickly.

3. Provisions

The overarching principle behind the GDPR is transparent data handling that gives users control over their data. The main provisions within the legislation can be grouped into four high-level categories: communications, consent, data security, and breach notifications.First and foremost, the GDPR mandates transparency and clarity for all communications related to the collection of personal data. This means anytime you collect information from EU citizens, you must ensure they know exactly how you plan to use their information. Where will it be stored? Will it be transferred to a third party? You’re obligated to answer these questions and more. You also need to have documented privacy policies that can be accessed and understood with ease.Along with clear communications, you must provide users with opt-in consent. Gone are the days when it’s okay to pre-select the email consent box to offer opt-out consent. With the new laws, users have to provide distinguishable consent for your business to use their information, and the consent language must be informed, specific, and unambiguous. You’re also obligated to inform users of their right to access their information or withdraw consent at a later date. Additionally, if your organization wants to use collected data for a purpose that was not defined at the time of original consent, you must get updated consent from affected users.

consent

Secure storage of collected data is also a big piece of the GDPR. To comply with the law, your organization must implement appropriate security measures to protect stored data from unauthorized access, disclosure, destruction, or alteration. You must also have a documented data retention policy that states how long your organization will retain a person’s information and provides lawful business reasons for the retention period.Should a data breach occur, your organization has a much greater notice obligation under the GDPR than other data privacy legislation. If there is any sort of loss, alteration, destruction, or unauthorized access of the personal data you control, your organization must notify authorities of the breach within 72 hours.

What You Should Know about the Privacy Shield

If you own or operate an American business, you should be aware of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. The EU-U.S. framework essentially replaces the previous data privacy and protection standards known as Safe Harbor, which certified that businesses were providing adequate protection of personal data transferred from the EU to the United States.The General Data Protection Regulation mandates that personal data leaving the EU only be transferred to countries that have adequate data protection laws—or laws that provide protections similar to those laid out in the GDPR. The Privacy Shield allows U.S. organizations and their EU partners to comply with this piece of the GDPR. Thus, if you are a U.S. company affected by the GDPR, you must also ensure you are in line with the Privacy Shield in order to be in full compliance with the GDPR.

How to Ensure Your Organization is in Compliance

To transition your organization to compliance with the GDPR by May 25, 2018, you’ll need to walk through several (likely cumbersome) steps. To make it easier, the Information Commissioner’s Office in the United Kingdom put together a 12-step guide to preparing for the GDPR. Here are a few of key tasks you need to complete:

  • Audit your data management practices. What data do you have? Where is it stored? Do you share it with anyone? Do you have a lawful reason for collecting it?
  • Ensure you have the necessary policies and procedures in place. Is your privacy policy accurate, accessible, and easy to understand? Does it cover all user rights? Do you have a data retention policy? Do you have a procedure in place for providing requested access to information? Do you have defined procedures for preventing and addressing data breaches?
  • Update your forms to include proper consent language. Is your intended use of the collected data apparent? Is there a clear opt-in section? Have you given users enough information to consent?

Conclusion

The General Data Protection Regulation is forcing businesses to adopt best practices in data management as they work toward responsible, transparent data handling. While bringing your business into compliance likely won’t be an easy road, being a part of a unified data security scheme will be beneficial. In fact, according to Amy Saunders, media law expert and Northwestern University in Qatar associate professor, “the GDPR is certainly the most stringent mechanism for data privacy protection...so any business that is preparing to comply with the GDPR should be in good stead throughout the world with data privacy.”Formstack has always made every effort to protect the personal data of EU citizens through previous Safe Harbor legislation and model clause updates. As such, we plan to be in full compliance with the GDPR by May 25.

Disclaimer: This article is not intended to serve as legal advice. If you're preparing to comply with the GDPR, it's up to you and your own legal counsel to determine how these privacy laws apply to your specific business.On May 25, 2018, the most impactful data privacy law update in 20 years will take effect. The EU General Data Protection Regulation (GDPR)—developed to harmonize data privacy rules across Europe and provide heightened protection for EU citizens—is forcing businesses to closely examine and enhance their data management practices.The EU Parliament approved the GDPR after four years of preparation and debate, and the 2018 enforcement date comes after a two-year post-approval grace period. Even so, many businesses are still working to bring their practices into compliance. Is your business prepared?If you collect, process, or store the personal data of EU citizens, you’re obligated to comply with the GDPR legislation. To help you fast-track your preparations, here’s a crash course on the GDPR.

What You Should Know about the GDPR

The GDPR is a set of regulations that mandate highly transparent and secure collection of EU citizens’ data. The legislation protects personal data, such as names and email addresses, as well as sensitive data, such as biometric identifiers and political views. It also gives users control over their data. If you’re looking to get up to speed on the GDPR, here are three things to note:

  1. Its impact is more widespread than you might think.
  2. The consequences for noncompliance are hefty.
  3. The provisions fall into four high-level categories.

Let’s explore these areas a bit further.

1. Impact

Compliance with the General Data Protection Regulation is not limited to businesses located within the European Union. The GDPR applies to any organization that collects, processes, or stores personal data from those in the EU. Even if your business is based in the United States or somewhere else outside the EU, you’re still subject to the GDPR regulations if you offer products or services to EU citizens.

2. Consequences

If your business fails to comply with the GDPR after the May 2018 enforcement date, it could cost you detrimentally. Organizations found in breach of GDPR laws could be fined up to 4% of their global annual turnover or €20 million—whichever is greater. Additionally, there is much speculation that enforcement will be heavy-handed early on to encourage companies to become compliant quickly.

3. Provisions

The overarching principle behind the GDPR is transparent data handling that gives users control over their data. The main provisions within the legislation can be grouped into four high-level categories: communications, consent, data security, and breach notifications.First and foremost, the GDPR mandates transparency and clarity for all communications related to the collection of personal data. This means anytime you collect information from EU citizens, you must ensure they know exactly how you plan to use their information. Where will it be stored? Will it be transferred to a third party? You’re obligated to answer these questions and more. You also need to have documented privacy policies that can be accessed and understood with ease.Along with clear communications, you must provide users with opt-in consent. Gone are the days when it’s okay to pre-select the email consent box to offer opt-out consent. With the new laws, users have to provide distinguishable consent for your business to use their information, and the consent language must be informed, specific, and unambiguous. You’re also obligated to inform users of their right to access their information or withdraw consent at a later date. Additionally, if your organization wants to use collected data for a purpose that was not defined at the time of original consent, you must get updated consent from affected users.

consent

Secure storage of collected data is also a big piece of the GDPR. To comply with the law, your organization must implement appropriate security measures to protect stored data from unauthorized access, disclosure, destruction, or alteration. You must also have a documented data retention policy that states how long your organization will retain a person’s information and provides lawful business reasons for the retention period.Should a data breach occur, your organization has a much greater notice obligation under the GDPR than other data privacy legislation. If there is any sort of loss, alteration, destruction, or unauthorized access of the personal data you control, your organization must notify authorities of the breach within 72 hours.

What You Should Know about the Privacy Shield

If you own or operate an American business, you should be aware of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. The EU-U.S. framework essentially replaces the previous data privacy and protection standards known as Safe Harbor, which certified that businesses were providing adequate protection of personal data transferred from the EU to the United States.The General Data Protection Regulation mandates that personal data leaving the EU only be transferred to countries that have adequate data protection laws—or laws that provide protections similar to those laid out in the GDPR. The Privacy Shield allows U.S. organizations and their EU partners to comply with this piece of the GDPR. Thus, if you are a U.S. company affected by the GDPR, you must also ensure you are in line with the Privacy Shield in order to be in full compliance with the GDPR.

How to Ensure Your Organization is in Compliance

To transition your organization to compliance with the GDPR by May 25, 2018, you’ll need to walk through several (likely cumbersome) steps. To make it easier, the Information Commissioner’s Office in the United Kingdom put together a 12-step guide to preparing for the GDPR. Here are a few of key tasks you need to complete:

  • Audit your data management practices. What data do you have? Where is it stored? Do you share it with anyone? Do you have a lawful reason for collecting it?
  • Ensure you have the necessary policies and procedures in place. Is your privacy policy accurate, accessible, and easy to understand? Does it cover all user rights? Do you have a data retention policy? Do you have a procedure in place for providing requested access to information? Do you have defined procedures for preventing and addressing data breaches?
  • Update your forms to include proper consent language. Is your intended use of the collected data apparent? Is there a clear opt-in section? Have you given users enough information to consent?

Conclusion

The General Data Protection Regulation is forcing businesses to adopt best practices in data management as they work toward responsible, transparent data handling. While bringing your business into compliance likely won’t be an easy road, being a part of a unified data security scheme will be beneficial. In fact, according to Amy Saunders, media law expert and Northwestern University in Qatar associate professor, “the GDPR is certainly the most stringent mechanism for data privacy protection...so any business that is preparing to comply with the GDPR should be in good stead throughout the world with data privacy.”Formstack has always made every effort to protect the personal data of EU citizens through previous Safe Harbor legislation and model clause updates. As such, we plan to be in full compliance with the GDPR by May 25.

Disclaimer: This article is not intended to serve as legal advice. If you're preparing to comply with the GDPR, it's up to you and your own legal counsel to determine how these privacy laws apply to your specific business.On May 25, 2018, the most impactful data privacy law update in 20 years will take effect. The EU General Data Protection Regulation (GDPR)—developed to harmonize data privacy rules across Europe and provide heightened protection for EU citizens—is forcing businesses to closely examine and enhance their data management practices.The EU Parliament approved the GDPR after four years of preparation and debate, and the 2018 enforcement date comes after a two-year post-approval grace period. Even so, many businesses are still working to bring their practices into compliance. Is your business prepared?If you collect, process, or store the personal data of EU citizens, you’re obligated to comply with the GDPR legislation. To help you fast-track your preparations, here’s a crash course on the GDPR.

What You Should Know about the GDPR

The GDPR is a set of regulations that mandate highly transparent and secure collection of EU citizens’ data. The legislation protects personal data, such as names and email addresses, as well as sensitive data, such as biometric identifiers and political views. It also gives users control over their data. If you’re looking to get up to speed on the GDPR, here are three things to note:

  1. Its impact is more widespread than you might think.
  2. The consequences for noncompliance are hefty.
  3. The provisions fall into four high-level categories.

Let’s explore these areas a bit further.

1. Impact

Compliance with the General Data Protection Regulation is not limited to businesses located within the European Union. The GDPR applies to any organization that collects, processes, or stores personal data from those in the EU. Even if your business is based in the United States or somewhere else outside the EU, you’re still subject to the GDPR regulations if you offer products or services to EU citizens.

2. Consequences

If your business fails to comply with the GDPR after the May 2018 enforcement date, it could cost you detrimentally. Organizations found in breach of GDPR laws could be fined up to 4% of their global annual turnover or €20 million—whichever is greater. Additionally, there is much speculation that enforcement will be heavy-handed early on to encourage companies to become compliant quickly.

3. Provisions

The overarching principle behind the GDPR is transparent data handling that gives users control over their data. The main provisions within the legislation can be grouped into four high-level categories: communications, consent, data security, and breach notifications.First and foremost, the GDPR mandates transparency and clarity for all communications related to the collection of personal data. This means anytime you collect information from EU citizens, you must ensure they know exactly how you plan to use their information. Where will it be stored? Will it be transferred to a third party? You’re obligated to answer these questions and more. You also need to have documented privacy policies that can be accessed and understood with ease.Along with clear communications, you must provide users with opt-in consent. Gone are the days when it’s okay to pre-select the email consent box to offer opt-out consent. With the new laws, users have to provide distinguishable consent for your business to use their information, and the consent language must be informed, specific, and unambiguous. You’re also obligated to inform users of their right to access their information or withdraw consent at a later date. Additionally, if your organization wants to use collected data for a purpose that was not defined at the time of original consent, you must get updated consent from affected users.

consent

Secure storage of collected data is also a big piece of the GDPR. To comply with the law, your organization must implement appropriate security measures to protect stored data from unauthorized access, disclosure, destruction, or alteration. You must also have a documented data retention policy that states how long your organization will retain a person’s information and provides lawful business reasons for the retention period.Should a data breach occur, your organization has a much greater notice obligation under the GDPR than other data privacy legislation. If there is any sort of loss, alteration, destruction, or unauthorized access of the personal data you control, your organization must notify authorities of the breach within 72 hours.

What You Should Know about the Privacy Shield

If you own or operate an American business, you should be aware of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. The EU-U.S. framework essentially replaces the previous data privacy and protection standards known as Safe Harbor, which certified that businesses were providing adequate protection of personal data transferred from the EU to the United States.The General Data Protection Regulation mandates that personal data leaving the EU only be transferred to countries that have adequate data protection laws—or laws that provide protections similar to those laid out in the GDPR. The Privacy Shield allows U.S. organizations and their EU partners to comply with this piece of the GDPR. Thus, if you are a U.S. company affected by the GDPR, you must also ensure you are in line with the Privacy Shield in order to be in full compliance with the GDPR.

How to Ensure Your Organization is in Compliance

To transition your organization to compliance with the GDPR by May 25, 2018, you’ll need to walk through several (likely cumbersome) steps. To make it easier, the Information Commissioner’s Office in the United Kingdom put together a 12-step guide to preparing for the GDPR. Here are a few of key tasks you need to complete:

  • Audit your data management practices. What data do you have? Where is it stored? Do you share it with anyone? Do you have a lawful reason for collecting it?
  • Ensure you have the necessary policies and procedures in place. Is your privacy policy accurate, accessible, and easy to understand? Does it cover all user rights? Do you have a data retention policy? Do you have a procedure in place for providing requested access to information? Do you have defined procedures for preventing and addressing data breaches?
  • Update your forms to include proper consent language. Is your intended use of the collected data apparent? Is there a clear opt-in section? Have you given users enough information to consent?

Conclusion

The General Data Protection Regulation is forcing businesses to adopt best practices in data management as they work toward responsible, transparent data handling. While bringing your business into compliance likely won’t be an easy road, being a part of a unified data security scheme will be beneficial. In fact, according to Amy Saunders, media law expert and Northwestern University in Qatar associate professor, “the GDPR is certainly the most stringent mechanism for data privacy protection...so any business that is preparing to comply with the GDPR should be in good stead throughout the world with data privacy.”Formstack has always made every effort to protect the personal data of EU citizens through previous Safe Harbor legislation and model clause updates. As such, we plan to be in full compliance with the GDPR by May 25.

Disclaimer: This article is not intended to serve as legal advice. If you're preparing to comply with the GDPR, it's up to you and your own legal counsel to determine how these privacy laws apply to your specific business.On May 25, 2018, the most impactful data privacy law update in 20 years will take effect. The EU General Data Protection Regulation (GDPR)—developed to harmonize data privacy rules across Europe and provide heightened protection for EU citizens—is forcing businesses to closely examine and enhance their data management practices.The EU Parliament approved the GDPR after four years of preparation and debate, and the 2018 enforcement date comes after a two-year post-approval grace period. Even so, many businesses are still working to bring their practices into compliance. Is your business prepared?If you collect, process, or store the personal data of EU citizens, you’re obligated to comply with the GDPR legislation. To help you fast-track your preparations, here’s a crash course on the GDPR.

What You Should Know about the GDPR

The GDPR is a set of regulations that mandate highly transparent and secure collection of EU citizens’ data. The legislation protects personal data, such as names and email addresses, as well as sensitive data, such as biometric identifiers and political views. It also gives users control over their data. If you’re looking to get up to speed on the GDPR, here are three things to note:

  1. Its impact is more widespread than you might think.
  2. The consequences for noncompliance are hefty.
  3. The provisions fall into four high-level categories.

Let’s explore these areas a bit further.

1. Impact

Compliance with the General Data Protection Regulation is not limited to businesses located within the European Union. The GDPR applies to any organization that collects, processes, or stores personal data from those in the EU. Even if your business is based in the United States or somewhere else outside the EU, you’re still subject to the GDPR regulations if you offer products or services to EU citizens.

2. Consequences

If your business fails to comply with the GDPR after the May 2018 enforcement date, the cost could be severe. Organizations found in breach of GDPR laws could be fined up to 4% of their global annual turnover or €20 million—whichever is greater. Additionally, there is much speculation that enforcement will be heavy-handed early on to encourage companies to become compliant quickly.

3. Provisions

The overarching principle behind the GDPR is transparent data handling that gives users control over their data. The main provisions within the legislation can be grouped into four high-level categories: communications, consent, data security, and breach notifications.

First and foremost, the GDPR mandates transparency and clarity for all communications related to the collection of personal data. This means anytime you collect information from EU citizens, you must ensure they know exactly how you plan to use their information. Where will it be stored? Will it be transferred to a third party? You’re obligated to answer these questions and more. You also need to have documented privacy policies that can be accessed and understood with ease.

Along with clear communications, you must provide users with opt-in consent. Gone are the days when it’s okay to pre-select the email consent box to offer opt-out consent. With the new laws, users have to provide distinguishable consent for your business to use their information, and the consent language must be informed, specific, and unambiguous. You’re also obligated to inform users of their right to access their information or withdraw consent at a later date. Additionally, if your organization wants to use collected data for a purpose that was not defined at the time of original consent, you must get updated consent from affected users.
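To make the consent requirements above concrete, here is an added example of how a form backend could model them; it is not Formstack's code, and the purpose list, field names, and policy-version string are assumptions made for the illustration. It renders an unchecked opt-in control that states the purposes, flags the pre-selected pattern the regulation no longer allows, turns a submission into a consent record that captures what the user was shown and when, and checks whether a later use of the data is covered by that consent or needs fresh consent.

```javascript
// Added example (not Formstack's own code): modelling opt-in consent for a
// web form. Purposes, field names and the policy version are constructed.

// Purposes must be stated at collection time. Anything not declared here is
// not something a user can have consented to.
const DECLARED_PURPOSES = Object.freeze({
  newsletter: "send you our monthly product newsletter by email",
  support: "contact you about the support request you submitted",
});

function isDeclaredPurpose(purpose) {
  return Object.prototype.hasOwnProperty.call(DECLARED_PURPOSES, purpose);
}

// Markup for the consent control. The box is deliberately unchecked: consent
// must be an affirmative act, so no "checked" attribute is ever emitted, and
// the label spells out the purposes and the right to withdraw.
function renderConsentCheckbox(purposeKeys) {
  const text = purposeKeys.map((k) => DECLARED_PURPOSES[k]).join("; ");
  return (
    `<label><input type="checkbox" name="consent" value="yes"> ` +
    `I agree that you may ${text}. You can withdraw this consent at any time.</label>`
  );
}

// Review helper for existing forms: detects a pre-selected checkbox, i.e. the
// opt-out pattern the GDPR does not accept as consent.
function hasPrecheckedConsent(html) {
  return /<input[^>]*type="checkbox"[^>]*\bchecked\b/i.test(html);
}

// Turn a form submission into a consent record, or reject it with a reason.
// submission: { email, consent, purposes, policyVersion } (constructed shape)
function buildConsentRecord(submission, now = new Date()) {
  if (submission.consent !== "yes") {
    return { ok: false, reason: "no affirmative opt-in" };
  }
  const purposes = Array.isArray(submission.purposes) ? submission.purposes : [];
  if (purposes.length === 0) {
    return { ok: false, reason: "no specific purpose stated" };
  }
  const undeclared = purposes.filter((p) => !isDeclaredPurpose(p));
  if (undeclared.length > 0) {
    return { ok: false, reason: `undeclared purpose: ${undeclared.join(", ")}` };
  }
  return {
    ok: true,
    record: {
      subject: submission.email,
      purposes: [...purposes],
      policyVersion: submission.policyVersion, // which privacy notice was shown
      consentedAt: now.toISOString(),          // when the user opted in
      withdrawnAt: null,
    },
  };
}

// A later use is covered only if the purpose was declared when consent was
// given and consent has not since been withdrawn. A new purpose is not
// covered: that is the "get updated consent" case.
function isUseCovered(record, purpose) {
  return record.withdrawnAt === null && record.purposes.includes(purpose);
}

// Withdrawal returns a new record rather than mutating the stored one, so the
// original consent evidence is preserved.
function withdrawConsent(record, now = new Date()) {
  return { ...record, withdrawnAt: now.toISOString() };
}
```

The record keeps the policy version and timestamp alongside the purposes, so the organization can show what the user was told and when; `isUseCovered` is the check to run before any new processing of that person's data.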


Secure storage of collected data is also a big piece of the GDPR. To comply with the law, your organization must implement appropriate security measures to protect stored data from unauthorized access, disclosure, destruction, or alteration. You must also have a documented data retention policy that states how long your organization will retain a person’s information and provides lawful business reasons for the retention period.

Should a data breach occur, your organization has a much greater notice obligation under the GDPR than other data privacy legislation. If there is any sort of loss, alteration, destruction, or unauthorized access of the personal data you control, your organization must notify authorities of the breach within 72 hours.

What You Should Know about the Privacy Shield

If you own or operate an American business, you should be aware of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. The EU-U.S. framework essentially replaces the previous data privacy and protection standards known as Safe Harbor, which certified that businesses were providing adequate protection of personal data transferred from the EU to the United States.

The General Data Protection Regulation mandates that personal data leaving the EU only be transferred to countries that have adequate data protection laws—or laws that provide protections similar to those laid out in the GDPR. The Privacy Shield allows U.S. organizations and their EU partners to comply with this piece of the GDPR. Thus, if you are a U.S. company affected by the GDPR, you must also ensure you are in line with the Privacy Shield in order to be in full compliance with the GDPR.

How to Ensure Your Organization is in Compliance

To transition your organization to compliance with the GDPR by May 25, 2018, you’ll need to walk through several (likely cumbersome) steps. To make it easier, the Information Commissioner’s Office in the United Kingdom put together a 12-step guide to preparing for the GDPR. Here are a few of the key tasks you need to complete:

  • Audit your data management practices. What data do you have? Where is it stored? Do you share it with anyone? Do you have a lawful reason for collecting it?
  • Ensure you have the necessary policies and procedures in place. Is your privacy policy accurate, accessible, and easy to understand? Does it cover all user rights? Do you have a data retention policy? Do you have a procedure in place for providing requested access to information? Do you have defined procedures for preventing and addressing data breaches?
  • Update your forms to include proper consent language. Is your intended use of the collected data apparent? Is there a clear opt-in section? Have you given users enough information to consent?

Conclusion

The General Data Protection Regulation is forcing businesses to adopt best practices in data management as they work toward responsible, transparent data handling. While bringing your business into compliance likely won’t be an easy road, being a part of a unified data security scheme will be beneficial. In fact, according to Amy Saunders, media law expert and Northwestern University in Qatar associate professor, “the GDPR is certainly the most stringent mechanism for data privacy protection...so any business that is preparing to comply with the GDPR should be in good stead throughout the world with data privacy.”

Formstack has always made every effort to protect the personal data of EU citizens through previous Safe Harbor legislation and model clause updates. As such, we plan to be in full compliance with the GDPR by May 25.
