What is GDPR?
The General Data Protection Regulation (GDPR) is a European rule that comes into effect on May 25, 2018. It represents a major overhaul to Europe’s data protection regulations, which have not been updated since the early days of the Internet. GDPR will completely change how organisations can handle the personal data of their customers. Control over personal data is - rightly, we think - put in the hands of the individual again, and the penalties for organisations who misuse the data are severe. The regulation will largely remain in effect in the UK regardless of Brexit, enforced by the Information Commissioner’s Office.
What is considered personal data?
GDPR’s definition of personal data is fairly broad, and includes anything that could be used to identify somebody. That could be anything as seemingly benign as a name, or anything as clearly private as an address. That means that almost every organisation is impacted by GDPR, including Vable.
What are my rights as an individual?
The GDPR strengthens existing individual rights regarding their personal data, and creates new rights. You have the right:
- To know what data of yours is being processed
- To access your data
- To rectify your data if it’s incomplete or inaccurate
- To erasure/to be forgotten
- To object to the collection of data
- And many more, which you can read in the full text of the GDPR here
What are Vable’s obligations under GDPR?
Our obligation to you as people who have a relationship with us is both simple and far-reaching: we must treat your personal data as sacred. We have to both respect the rights listed above and respect your privacy.
We have to fulfil another obligation. If we suffer data breaches that are likely to have a negative impact on your individual rights and freedoms, we have to let you know as soon as possible and report it to the relevant authorities. We have systems in place to monitor for breaches, and we take this very seriously. More about this below.
What kinds of data does Vable collect?
Vable is only interested in collecting the information that we need to best serve you. If you are a blog subscriber, for example, we need your name and email address to send you the blog. If you would like to download our long-form content, we may ask you for some more information - such as your job role - so that we can tailor our suggestions for other content that may interest you. We never pass on or sell that information to anyone else, and we are committed to protecting it.
Is Vable GDPR compliant?
We at Vable take privacy extremely seriously, and are committed to being GDPR compliant by the deadline of May 25th. We have been hard at work implementing the necessary changes across our organisation to make that possible. There are two divisions of compliance for Vable: our software, and our organisation.
The main ways GDPR affects our software are a) security and b) that under GDPR, individuals have the ‘right to be forgotten’. Our team is and always has been committed to keeping our platform secure.
The implications for our organisation are similar to the implications for every other company operating in the EU: we collect data that is considered personal data for a number of reasons, including customer support and marketing. We want to assure you that we have undergone a data audit to ensure that we understand the how, what, and why of any data we collect and have made changes where necessary. We have also been in contact with our business solution vendors to ensure that they too are, or will be compliant.
We have also appointed a Data Protection Officer, and are available to answer any questions you may have about GDPR as it affects your relationship with Vable. Please email us on firstname.lastname@example.org for a response within 3 business days.