The GDPR (General Data Protection Regulation) takes effect on May 25, 2018.

It is a new comprehensive data protection law in the EU which replaces the patchwork of national data protection laws currently in place in each EU member state, with a single set of directly enforceable rules throughout the EU.

With the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual. It regulates the “processing,” of personal data about EU individuals, which includes the collection, storage, and transfer or use.

Regardless of whether an organization has a physical presence in the EU or not, any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law. To be noted, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU. 

The new GDPR not only ensures an increase in individual privacy rights, on a global scale, but also ensures accountability & transparency.

How do I get ready for GDPR ?

GDPR is a new challenge that all companies, large & small, face. Compliance is not an option.
Here are a few questions and considerations, to start the preparation process and to get the ball rolling in the right direction:

• Do we have EU relevant data ?
• How and where do we store our customer data ?
• Do we process data ?
• Do we have proper policies in place that clearly define how we handle data and what we do with our client's data ?
• Are we able to offer opt-out mechanisms ?
• Do we have the tools & the technical means to transparently handle GDPR relevant data ?

As with existing privacy laws, GDPR compliance requires a partnership between suppliers and end customers, in this case Nexell and of course salesforce.com, for the delivery of our services to our clients.

Nexell is committed to help our clients keep "Enabling Better Relationships", and this includes helping them with their GDPR compliance needs. We have analyzed the GDPR requirements and are working closely with salesforce.com to help ensure that we are prepared to support our clients in their GDPR activities. 

Internally, Nexell is completing enhancements to its own systems, processes, services as well as contractual documentation, to ensure full compliance. Further reference to salesforce.com's compliance activities, can be found at the links below.

GDPR affects us all. Nexell is prepared and is actively advising its client base on their needed preparations. Contact us for a discussion about GDPR.

 

Further Reading & References:

• The EU General Data Protection Regulation
• European Commission Data Protection
• Salesforce.com's GDPR commitment
• Salesforce.com GDPR resource website
• Salesforce.com Data Processing Addendum

This & future articles, related documents and all Nexell information are a broad overview of the coming EU General Data Protection Regulation (GDPR) and does not provide legal advice. We urge you to consult with your own legal counsel to familiarize yourself with the requirements that govern your specific situation.