As more security breaches and data thefts by hackers come to light, consumers are demanding increased transparency and responsiveness from companies that process or store their data. In fact, in a survey conducted last December, 62% of respondents said that in the event of a breach, they would blame the company — not the hacker — for their lost data.
In response, the European Parliament approved the General Data Protection Regulation (GDPR) to protect EU citizens and residents from privacy violations and data breaches.
As it affects Spatial Networks and Fulcrum users, we thought it might be useful to explain what the GDPR is and what we are doing to comply with the new rules.
The GDPR replaces the EU's outdated Data Protection Directive, which went into effect in 1995, long before the internet was the business ecosystem that it is today. It standardizes data protection law across the EU and imposes new, stricter rules on how personal data is processed and stored. Note that the regulation's term is "personal data," which is broader than what is usually called personally identifiable information (PII).
The new rules take a broad view of what counts as personal data. This includes:
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
Under the GDPR, companies’ requests for consent must use clear and plain language — they can no longer use terms and conditions full of legalese or other unintelligible verbiage — and it must be as easy for customers to withdraw consent as it is to give it.
Organizations are also required to put measures in place to detect breaches, regularly evaluate the effectiveness of their security practices, and document evidence of compliance. When a breach occurs, they must notify the supervisory authority "without undue delay" and, where feasible, within 72 hours of becoming aware of it, and they must inform the affected individuals without undue delay when the breach is likely to put those individuals' rights and freedoms at high risk. Failure to comply with the new rules may result in heavy fines: up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher.
The GDPR applies to any company that processes the personal data of individuals in the EU, regardless of where that company is located. According to a PwC survey, 77% of U.S.-based companies expect to spend more than $1 million meeting GDPR requirements.
The GDPR was approved in April of 2016, but organizations were given until May 25, 2018, to comply.
Ahead of that deadline, we are introducing several changes:
- We’ve also reorganized our Terms of Service to include language covering Fulcrum Community as well as Fulcrum’s standard subscription service. This means that all Fulcrum users are covered by the same Terms of Service, regardless of how they are onboarded into the system.
We hope these changes make things a little easier for all our customers and reflect our commitment to protecting personal information. If you have any questions, please send us an email and we’ll be happy to help!