As of May 25, 2018, the European Union (EU) will begin enforcing its General Data Protection Regulation (GDPR) framework. Companies that don’t comply with GDPR could face fines of up to 4% of annual global turnover or €20 Million.
At Spectrum, trust is one of our core values. As such, we take the security, privacy, and integrity of your user's data very seriously. Under EU guidelines, our technology is classified as a data processor. We've diligently prepared for the implementation of GDPR and protection of user data by working with industry experts, consultants, and corporate law firms to ensure we and our customers are ready for GDPR.
GDPR was established by the EU to provide users more control over their data and online privacy. GDPR will replace the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe, protect and empower EU citizens, and reshape how global organizations approach data privacy. GDPR applies to all companies that collect EU citizen data, regardless of whether they're physically present in the EU. The regulation is designed to increase accountability for both data controllers (companies that collect personal data) and data processors (companies like Spectrum that process personal data).
Per the GDPR framework, personal data refers to:
...any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
GDPR is a new and complex piece of legislation: it has many moving parts. As such, some sections are up for interpretation. However, the fundamental intent of the regulation is clear: companies must work to minimize data utilization (where applicable), increase transparency, and adhere to strict security and privacy standards.
The main GDPR requirements for transparency include the following:
Spectrum Labs, Inc. has implemented, and continues to develop, new processes and improved technologies to address the aforementioned statutes, in addition to other GDPR criteria. We are committed to GDPR compliance and continuously strive to fulfill the data and privacy requirements contained within the EU's General Data Protection Regulation (GDPR).
Please Note: We are not GDPR specialists and can't offer legal advice. If you have questions about GDPR, we strongly recommend you contact, and work with, your own experts, lawyers, consultants, Et Al. for advice relating to your unique situation.
The entire GDPR legislation can be viewed here.