The EU General Data Protection Regulation (GDPR) will be one of the most important pieces of European privacy legislation in the last twenty years. It aims to replace the EU Data Protection Directive of 1995, strengthening the rights that EU individuals have over their data, and harmonizing inconsistencies across the various European jurisdictions. Perhaps most importantly, it is a signal to the rest of the world that user privacy should be of paramount concern to all companies.
Prospus will comply with applicable GDPR regulations as a data controller when the law takes effect on May 25, 2018. According to the regulation, the data controller is the organization or individual who collects personal information from EU citizens and uses that data for any reason whatsoever. More specifically, we are considered a data controller because we meet some or all of the following criteria:
- We decide whether to collect the personal information of our customers, site visitors, clients, or others.
- We have the legal authority to do so.
- We decide what information to collect.
- We have the ability to change or modify the data that we collect.
- We decide when, where, and how to use the data that we collect and for what purpose.
- We decide whether to keep the data in-house or share it with third parties.
- We decide how long the data is kept, and when to delete it.
As a data controller, we will be responsible for complying with the following GDPR requirements:
- Comply with the GDPR.
- Demonstrate compliance.
- Work with compliant data processors.
- Maintain records of processing activities.
- Cooperate with GDPR authorities.
- Consider security in all processing activities.
- Notify all affected entities in the event of a data breach.
- Notify individuals of any personal data breach.
- Conduct data protection impact assessments for high-risk processing activities.
- Consult the authority in case of high-risk processing activity.
- Designate a Data Protection Officer (DPO).
- Involve the DPO in processing assessments.
Beyond our own compliance, we will work with each of our clients to help them attain GDPR compliance for solutions they have built with Prospus. We have set a goal at Prospus to not only be compliant ourselves but to achieve full compliance for our past clients. Additionally, we will be offering a GDPR compliance service to our existing and future clients before the GDPR goes into effect.
At Prospus, we always strive to deliver the best customer experience. We will continue to make additional required operational changes, keeping our clients, partners and regulatory authorities informed. With this commitment, we are not only committing to obligatory legal compliance but furthering our existing commitment to protecting the privacy of our users, and the users of the solutions we build.
Prospus has long predicted the rollout of country-specific privacy laws. In anticipation, we have designed and built perhaps one of the most forward-looking platforms with Prospus Universe. Privacy considerations can be written directly into the code to trigger certain actions and handle privacy preferences. With the GDPR legislation now available for review, we are simulating all use cases with our Prospus Universe platform, giving us the option to offer our customers GDPR-compliant solutions from the ground up.