We’ve had our head down reading through more documentation than an entire university degree to decipher our obligations in regards to our Classic FileMaker based product and our current web-based app.
As always, there is more work to do, but below is an overview of GDPR and some of the ways we are cracking the whip to be a good little software company (comply):
What is GDPR?
*Warning – serious stuff* The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that comes into effect on May 25, 2018. It will replace existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It will be a single set of rules which govern the processing and monitoring of EU data.
Does it affect me?
Yes, most likely. If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
Brexit – will UK companies still be affected?
Yes, as the UK is still part of the European Union at the time the regulation comes into effect. It is also expected that the UK will fully adopt GDPR into its domestic law following Brexit, meaning an identical or substantially similar regulation will apply.
What Streamtime is doing to prepare:
We have handpicked the smartest minds* in the company (put together a team) who are responsible for understanding our obligations under the GDPR. This includes obligations as both data processors (personal data our clients store in our software) and data controllers (personal data we store on our prospects/clients).
Our team includes a representative from each of our business areas (support, sales, accounts, product), based in the EU, Australia and New Zealand. The team reports directly to both our Managing Director and Founder.
*biased opinion not based on any real facts
We started combing through all the personal data we store (great reading btw) some months ago and are nearly done – hoorah! We’ll share our findings (not your data of course) so everyone is clear on what we keep hidden behind the curtain.
You know the thing that you always say you read…but don’t. We are looking at our existing epics with the aim to make them a little more human and include GDPR bits before go time (25th May 2018).
Co-ordinating with Vendors
We’re getting in touch with all our vendors, understanding their GDPR plans and discussing GDPR-ready data processing agreements (DPAs for you acronym geeks) with them.
Security (current Streamtime product)
Streamtime has been built with privacy in mind, so we were chuffed to be given a ‘clean bill of health’ after a recent checkup (third party security review). We listened to their recommendations on cleaning up our lifestyle and are now healthier than ever.
Security (Classic – FileMaker Based Clients – Purchased pre 2016)
Our Classic product, built on the FileMaker platform (no longer on our menu) has been a major focus for us.
We are investigating any areas that may not be compliant with the GDPR and formulating plans to ensure they are by end of May 2018. We’ll be communicating anything of use to those using this product.
We are taking this opportunity to review our internal processes in relation to data privacy within Streamtime. We are confident that we treat all the personal data we store with the respect it deserves but will try to keep improving.
We have tried to be transparent with our clients in terms of business goals, where we are heading and reasoning behind certain business decisions all along. The steps outlined in this article provide us with an opportunity to expand our transparency to personal data and our privacy processes – the more transparent we can be the better.
Whilst the personal data you store in Streamtime Software will require GDPR compliance, it’s not the entire picture. Some steps you can take are:
- Get familiar with the GDPR requirements and how they affect your company.
- Map out everywhere you process data and carry out a gap analysis.
- Chat with your lawyer about what your company needs to do.