GDPR readiness - DemandJump
by Jordan Ehrlich, on April 4, 2018
In recent years, we have seen a growing cultural movement around information privacy, with many internet users calling for a higher commitment from businesses, as well as legislative and regulatory protection from governments. Recently, residents and lawmakers of the European Union secured a major legislative victory for data privacy advocates: the General Data Protection Regulation (GDPR).
This landmark, comprehensive privacy law takes effect in the EU on May 25, 2018. The GDPR expands the privacy rights of EU individuals and places new obligations on all organizations that market, track, or handle EU personal data.
From an internet user standpoint, this policy only affects those people located within the jurisdiction of the EU. However, companies that do business in the EU - regardless of where they are located - must also abide by the same rules, which has left many in the global technology industry scrambling to meet these strict privacy standards by the May 25th deadline.
The GDPR is one of the first major legislative acts of its kind, but it certainly won’t be the last. The question is not whether the United States and others will pass a similar bill, but when.
At DemandJump, we have always believed in and respected the privacy of internet users, and we hold ourselves accountable for individuals' rights to privacy and security. We also understand there is some sensitivity around data right now, and, well… we love data.
The truth is, data can be an amazing asset when used and handled responsibly, helping to automate, expand, speed up, and generally improve the world we live in. But those improvements should not come at the risk of individuals' privacy.
Luckily for everyone, they don’t need to.
What is Data Privacy?
Check out this video from our very own Brad Wilson, Director of Engineering and Data Protection Officer at DemandJump, about data privacy and GDPR.
In the context of GDPR - and the broader discussion about data privacy - the main goal is to put control over personal data back into the hands of individuals. This means that if any individual does not want to be recognized or known by a data consumer, they have the ability to instruct any system to “forget me”. This would trigger a string of technical actions which would anonymize their information, making it very difficult for any person, business or technology system to identify that person individually.
Fundamentally, this movement is not so much about restricting the usage of personal data as it is about giving control back to individuals. It’s about companies being open and transparent about what personal data they have on individuals, and about the way they handle that data.
For 10+ years there has been a lot of fuzziness and disparate regulation around data privacy and transparency. The EU is saying “no more”, and it’s highly likely that other regulatory bodies will follow suit.
A note for legal and/or data nerds:
According to the GDPR, "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
This is NOT the definition of PII. The GDPR does not reference the term PII, as it's a US-based term; instead, the GDPR has defined "Personal Data" as its version of PII. For all intents and purposes, these terms mean basically the same thing.
DemandJump and Data Privacy:
As of May 25th, all organizations working with the data of EU citizens will need to be GDPR compliant.
DemandJump’s core value is to deliver innovative solutions to problems for our customers, and we take your needs for data privacy and security seriously. We also believe in the overall need for privacy and security in the broader context of this movement.
At DemandJump, our team is working hard to ensure that our own practices are GDPR-compliant. But equally important to us is helping you, our partners and customers, understand what GDPR means for your businesses and how to build compliant processes of your own.
Our sincere hope is to use the GDPR as an opportunity to improve the experience for customers and individuals online, and especially those people that trust DemandJump with their data.
DemandJump is currently preparing all the necessary GDPR legal and technical documentation, which will be accessible on our website. We’ll also provide default documentation for our customers’ websites.
Please be on the lookout for more updates from DemandJump on GDPR readiness and compliance, including resources and instructions for our customers. We expect to have everything ready by May 1st.