What is GDPR?
The General Data Protection Regulation (GDPR) is a new set of regulations introduced by the EU on May 25, 2018. It represents a major overhaul to Europe’s data protection regulations, which have not been updated since the early days of the Internet. GDPR changes how organisations can handle the personal data of their customers, enabling greater transparency. Control over personal data is - rightly, we think - put in the hands of the individual again, and the penalties for organisations who misuse the data are severe. The regulation will largely remain in effect in the UK regardless of Brexit, enforced by the Information Commissioner’s Office.
What is considered personal data?
GDPR’s definition of personal data is fairly broad, and includes anything that could be used to identify somebody. That can include names, email addresses, the company someone works for, or a home address. That means that almost every organisation is impacted by GDPR, including Vable.
What are my rights as an individual?
The GDPR strengthens individuals' existing rights regarding their personal data, and creates new rights. You have the right:
- To know what data of yours is being processed
- To access your data
- To rectify your data if it’s incomplete or inaccurate
- To erasure/to be forgotten
- To object to the collection of data
- And many more, which you can read in the full text of the GDPR here
What are Vable’s obligations under GDPR?
Our obligation to you as people who have a relationship with us is both simple and far-reaching: we must treat your personal data as sacred. We have to both respect the rights listed above and respect your privacy.
We have to fulfil another obligation. If we suffer data breaches that are likely to have a negative impact on your individual rights and freedoms, we have to let you know as soon as possible and report it to the relevant authorities. We have systems in place to monitor for breaches, and we take this very seriously. More about this below.
What kinds of data does Vable collect?
Vable is only interested in collecting the information that we need to best serve you. If you are a blog subscriber, for example, we need your name and email address to send you the blog. If you would like to download our long-form content, we may ask you for some more information - such as your job role - so that we can tailor our suggestions for other content that may interest you. We never pass on or sell such information to anyone else, and we are committed to protecting it.
Is Vable GDPR compliant?
There are two divisions of compliance for Vable: our software (the Vable platform), and our organisation (Vable Ltd).
The Vable platform
Vable is used in a Business to Business (B2B) context. As such, all End-Users' data is stored on the Vable platform in the context of their contractual agreement with their employer, who is a client of Vable. In this relationship, therefore, all data pertaining to End-Users is owned by the client organisation; the rules governing this data are outlined in Vable's Terms & Conditions and the Client's agreement with their End-Users.
The implications for our organisation are similar to the implications for every other company operating in the EU: we collect data that is considered personal data for a number of reasons, including customer support and marketing. Some of this data is gathered through our public website (www.vable.com) whenever somebody browsing the site submits a form, signs up to our blog, requests a demo or free trial, or sends a simple "contact-us" request. The rules governing this data fall under the GDPR; the data is owned by the data subject in question, and we have been careful to alert anyone visiting the site of the implications of submitting personal data such as names and emails.
We at Vable take privacy extremely seriously, and have been committed to protecting the personal data of all data subjects - employees, clients and people who browse our website - even before the GDPR came into effect on May 25th, 2018. Even so, we have made a number of changes to ensure complete transparency and privacy. The changes we have made are summarised below:
- Vable has audited all tools and third-party vendors to ensure that they are compliant with GDPR. This is important because Vable relies on others to manage or store some of this data. Knowing that our software partners are GDPR compliant gives us full confidence that your data is secure and used solely for legitimate business purposes.
- Vable has mapped all internal operational processes to establish where Personal Data is transferred, thus ensuring complete control over such data internally. This minimises the risk of potential data leaks and ensures that personal data can be erased entirely and efficiently.
- Vable has ensured that we can action a request for erasure both on the Vable platform and in our internal operations.
- Vable has changed all online forms to include an explicit, double-opt-in statement. This means that, each time you hand us your personal data, you will be reminded why you are submitting such data before you do so.
- Vable has also appointed a Data Protection Officer, and we are available to answer any questions you may have about GDPR as it affects your relationship with Vable. Please email us on firstname.lastname@example.org for a response within 3 business days.