Have you ever wondered how possible it is for a simple abbreviation to cause unbelievable “headaches” to businesses and marketers? Well, it is… if we are talking about the GDPR! The law that turned almost everything upside down the moment it entered into force for European countries in May 2018.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union law that was implemented on May 25, 2018, and requires organizations to safeguard personal data and uphold the privacy rights of anyone in the EU territory. The regulation includes seven principles of data protection that must be implemented and eight privacy rights that must be facilitated. It also empowers member state-level data protection authorities to enforce the GDPR with sanctions and fines.
Who should comply with the GDPR?
Any organization that processes the personal data of people in the EU must comply with the GDPR. “Processing” is a broad term that covers just about anything you can do with data: collection, storage, transmission, analysis, etc. Even if an organization is not connected to the EU itself, if it processes the personal data of people in the EU (via tracking on its website, for instance), it must comply. The GDPR is also not limited to for-profit companies.
What is personal data?
Personal data is defined as “any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it’s relatively easy to ID someone from it”.
Nimbata complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union or Switzerland to the United States. When it comes to access to personal data, Nimbata doesn’t store any personal details in its servers, further than the caller ID – if the client wishes to do so. In addition, caller IDs can be masked, displaying only the first five digits of the caller in the available reports.