The General Data Protection Regulation (GDPR)
What is the GDPR?
The General Data Protection Regulation or GDPR is a newly adopted (effective May 25th, 2018) set of regulations meant to give members of the European Union control over their Personally Identifiable Information. Anyone who deals with the Personally Identifiable Information of a resident of the European Union (EU) is bound by these new rules to take sufficient action to ensure that their data is protected and is not shared with any third party without the express permission of the person whose data it is.
What is Personally Identifiable Information?
Personally Identifiable Information (or personal data) is any information alone or in conjunction with other information that can be used to identify a person. This information includes birthdates, addresses, email addresses, financial information, usernames, etc.
The GDPR and You
If your site retains or processes any data that could be construed as personally identifiable of an EU citizen or resident, the GDPR affects you. Rather than a passive opt-out system whereby the person whose personal data you have is defaulted to allow data sharing unless they specifically opt against it, with the new regulation all data is considered opted out with the ability to opt-in should they choose to do so.
As a site owner, you will need to adopt a data privacy statement to include what data you retain/process, how it is used, and a clear path for your visitors/customers to request for their data to be purged upon request (the right to be forgotten).
PRODUCT/SERVICE/SITE and GDPR Compliance
As a company with a customer base around the world, specifically with many of our subscribers in the Europe Union (EU), Elegant Marketplace are acutely aware of the increased privacy requirements resulting from the GDPR. We care about the security of our customers’ information and have implemented internal measures compliant with the strictures of the GDPR regarding notification of the types of personal data collected, information regarding who may access said data, for what purpose that data was collected, and the designation of a data protection officer (DPO).
Additionally, we made clear the opt-out procedure for sharing of personal data, implemented security measures to safeguard the personal data that we do keep, minimized the data collected to that which is relevant to the operation of our business and the customer’s site, made available the data collected in an easily accessible way to the customers to whom it belongs, as well as provide an easy method by which they can request that their personal data be purged from our system.
In the event of a data breach affecting your personal data, all appropriate authorities will be notified in a timely manner consistent with the rules laid out by the GDPR.
Will we be participating in Privacy Shield? What are we doing to ensure that data is secure?
As we have taken the necessary measures for compliance with GDPR internally and as Privacy Shield is optional (with the measures we have already taken), we have decided not to enroll in Privacy Shield.
Under the GDPR, EU residents have the following rights regarding their personal data.
Right to Access: You have the right to know what data we process, how it is used, and why.
Right to Rectification: You have the right to alter any personal data as you see fit. This includes correction, revision, and deletion of data.
Right to be Forgotten: Upon cancellation of your account, you can request all of your personally identifiable data to be purged.
You can download a copy of our Data Processing Addendum or DPA here.
If you have any other questions regarding the GDPR and Elegant Marketplace, please email [email protected].
For a full list of our sub-processors, click here.