GDPR is a European privacy law enacted on May 25th, 2018. It has four basic requirements
Whenever you ask for someone’s personal information, you must disclose how the information will be used.
Legitimate reason for using personal information
The best reason for using someone’s personal data is with their consent. Without their consent, you may still have a legitimate reason (such as a legitimate interest), but it may be harder to prove as legitimate.
New rights afforded to data subjects
People have the right to know what data you store about them, to obtain a copy of it from you, to withdraw consent to your use of their data, or to have it deleted.
Protection of personal data
You should protect personal data at all times. It is recommended that you encrypt sensitive data about a person whenever possible. Sharing it with third parties is prohibited without consent.
Failing to abide by GDPR can result in fines of up to $20MM or 4% of annual revenue.
In the few decades after the internet was commercialized, technology has transformed how we live and work. We ask Google personal questions, read Fox or CNN, send private messages through Facebook, and buy private personal effects on Amazon – these actions say a lot about us. And all of this data is stored, mined, and sometimes traded, with consumers having little control over the process.
Increasingly frequently, that data is being lost or misused. The Equifax data breach demonstrates that even the largest companies holding the most sensitive data can lack the basic safeguards necessary to protect us. Meanwhile, social networks and search engines mine and monetize us through our data in ways we don’t know. These are real and growing problems that GDPR aims to address.
GDPR applies to you if you meet any of the following conditions:
If you are outside the EU and run an exclusively local business, you don’t have to worry about GDPR. A flower shop in rural Ohio is unlikely to face the burden of complying, even if someone from the EU stops by your website and is captured by your analytics software.
It’s not your company’s size, but if EU residents could be seen as part of your target market, that determines your need to comply with GDPR. That means a small SEO company that accepts business internationally is still bound by GDPR.
You can read the exact legal text here
Our practices, policies, and products fully adhere with GDPR
Please note: some of the above features require a specific tier of Vtiger, or subscription to Vtiger’s Privacy Shield
When you use Vtiger CRM, you can trust that your data are safe, and that you always have the tools necessary to comply with GDPR. However, the tools must be used the right way. To that end, we recommend learning about GDPR, then updating your policies, practices, and procedures to comply with GDPR.
To start down that path, it’s helpful to read the full GDPR text (Without endorsing this source – it’s available here). Then find third party sources to learn best practices. Lastly, create a data protection team and make whatever changes necessary for ensure compliance.