… and some more about GDPR!

This post is also available in:

SimplyBook.me has prepared for 10 months for GDPR and has both dedicated security and DPO officers.

By: Reuben Yonatan

The General Data Protection Regulation (GDPR) is making waves all around the internet. Chances are, even if you have no idea what it is, you’ve had to sign some new user agreements to your favorite apps and social media. This article will serve as a quick primer for how it came to be and what it means for you.

The GDPR is a European Union regulation, not a law passed by the U.S. congress, but because the web is world wide, it covers any company that operates in Europe—essentially everyone, ranging from big names in tech like Facebook and Google to news organizations like the New York Times and NPR. Unlike previously existing regulations like HIPAA and Sarbanes/Oxley (SOX), which cover specific types of data (e.g., health, finance, etc.), this is sweeping regulation that protects the privacy of every user.

It also puts the onus on websites to comply with the very technical legal restrictions of the law, instead of giving you the thirty-page user agreement that you, of course, don’t read. The regulation passed on April 14, 2016, and there has been a two-year transition period before it was formally enacted.

What does “General Data” mean?

At its most basic, GDPR is a privacy law that protects all personal data. Quoting from the European Commission: “Personal data is any information relating to an individual, whether it relates to his or her private, professional, or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”

When data is collected, the user must be clearly informed of how that data is collected and how it will be used or sold. The data must be protected by making that data anonymous or associated with a pseudonym. The user is also allowed to see the data collected about them and, in many cases, have it erased (called “the right to be forgotten). Businesses must proactively protect data and report any breaches within 72 hours. Failure for non-compliance can be as small as a strongly-worded letter, but can be as large as a 20 million Euro fine.

Why is this important?

The aim is to change the web from a “wild west” of unrestricted data collection—in which companies make their money at the expense of users’ privacy—to a more regulated atmosphere that protects consumers. The goal is not to punish cloud service providers, especially small ones, but to push back against the potential ills of Big Data. After major data collection scandals like the Equifax leak and the morally questionable data mining methods of Cambridge Analytica came to light, it’s an idea whose time has come.

The Effects of the GDPR

What changes now that it’s in effect?

Within just a few days of the regulation taking effect, we are already seeing huge changes in the way the internet operates. Many websites have taken down ads to users with European IP addresses; others are shutting down temporarily; still other websites block the content unless you “agree” to waive liability—a clear violation of the spirit of the regulation. Facebook and Google specifically have already been hit with multi-billion dollar lawsuits, although whether those lawsuits will continue is something we will have to wait and see more about.   

What should I do about it? / Should I worry?

Before you start panicking, remember that these major issues and potential lawsuits are aimed at the largest targets first. While Google may get hit with a billion dollar lawsuit, your favorite vegan cooking blog isn’t high on the list. That said, the sooner that service providers comply with GDPR the better. Fortunately, SimplyBook.me has you covered.

SimplyBook.me reviewed and updated their policies in recent months. They have scrutinized their suppliers, and in some cases ended contracts with suppliers they deemed not up to their standards. Anyone within their organization that comes near personal data must prove they have a clean criminal record and also sign an NDA. They have taken a second look at their redundancy and data backup methods to make sure any deleted data is wiped fully. Furthermore, many of the high-end security features are now included in every package, including two-factor security for logins and tools to safely delete user data after a set period of time.

Conclusion

The big takeaway for you, the consumer, is that Cloud providers like SimplyBook.me are hard at work making sure you comply with the latest regulations, so you can continue to focus on your business. If you aren’t using SimplyBook.me, make sure your provider is up to date on national and international laws, and can meet those strict standards. The more confident your customers feel that their personal data is protected, the more confident they will be in your services.

About the author:

Reuben Yonatan is the founder and CEO of GetVoIP — trusted VoIP comparison resource that helps companies understand and choose a business communication solution for their specific needs. Reuben assists SMBs align business strategy with culture and improve overall corporate infrastructure. Follow him on Twitter @ReubenYonatan