The EU General Data Protection Regulation (GDPR) will set a new standard for how companies use and protect the personal data of people in the EU. It applies from 25th May 2018 🚀.
We've had our heads down reading through more documentation than an entire university degree to decipher our obligations regarding our Classic, FileMaker-based product and our current web-based app.
As always, there is more work to do, but below is an overview of GDPR and some of the ways we are cracking the whip to be a good little software company (comply):
What is GDPR?
*Warning - serious stuff* The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that comes into effect on May 25, 2018. It replaces the existing EU Data Protection Directive to strengthen the protection of “personal data” and the rights of the individual. It is a single set of rules, applying directly in every member state, which governs the processing of the personal data of people in the EU.
Does it affect me?
Yes, most likely. If you hold or process the personal data of any person in the EU, the GDPR will apply to you, whether you're based in the EU or not.
Brexit - will UK companies still be affected?
Yes, as the UK will still be part of the European Union at the time the regulation comes into effect. It is also expected that the UK will fully adopt the GDPR into its domestic law following Brexit, meaning an identical or substantially similar regulation will continue to apply.
What Streamtime has done to prepare:
We have handpicked the smartest minds* in the company (put together a team) who are responsible for understanding our obligations under the GDPR. This includes obligations as both data processors (personal data our clients store in our software) and data controllers (personal data we store on our prospects/clients).
Our team includes a representative from each of our business areas (support, sales, accounts, product), based in the EU, Australia and New Zealand. The team reports directly to both our Managing Director and Founder.
*biased opinion not based on any real facts 🤥
We have formalised our internal processes by creating documentation that is easily accessible to every staff member. Areas covered include: data breach procedure, subject access request procedure and data security policy.
Security (current Streamtime product)
Streamtime has been built with privacy in mind, so we were chuffed to be given a 'clean bill of health' after a recent checkup (a third-party security review). We listened to their recommendations on cleaning up our lifestyle and are now healthier than ever.
Security (Classic - FileMaker Based Clients - Purchased pre 2016)
Our Classic product, built on the FileMaker platform (no longer on our menu), has been a major focus for us.
We have identified a subset of companies using Streamtime Classic in a particular way (self-hosted, with users connecting to their own server from outside the office) where extra security in the form of an SSL/TLS certificate on the server is recommended, because those connections cross the public internet rather than staying inside the office network. This information was included in an email to all existing users.
We took this opportunity to review our internal processes in relation to data privacy within Streamtime. We are confident that we treat all the personal data we store with the respect it deserves but will try to keep improving. This was covered off in our internal data security policy.
We have always tried to be transparent with our clients about our business goals, where we are heading and the reasoning behind certain business decisions. The steps outlined in this article give us an opportunity to extend that transparency to personal data and our privacy processes - the more transparent we can be, the better.
Whilst the personal data you store in Streamtime is one part of your GDPR compliance, it's not the entire picture. Some steps you can take are:
Get familiar with the GDPR requirements and how they affect your company.
Map out everywhere you process data and carry out a gap analysis.
Chat to your lawyer about what your company needs to do.