Zenkit and the GDPR
Everything you need to know about Zenkit’s approach to GDPR compliance.
It’s no secret that the General Data Protection Regulation (GDPR) is a big deal. You’re probably totally overwhelmed by all the GDPR compliance emails, blog articles, reminders, and more. We’re no strangers to it ourselves!
But is it all worth the panic, or is it simply much ado about nothing? Let’s investigate…
Is the GDPR Really That Serious?
In short, yes. There are confusing legal matters to navigate, a total re-work of lots of tools and processes, a looming final deadline, and big fines to contend with if you’re not compliant.
All that being said, you shouldn’t panic. While this all seems kind of scary (and more than a bit complicated and annoying to deal with), it’s actually a really positive thing in the end!
The Plus Side of GDPR
While we have always taken data privacy very seriously at Zenkit, the GDPR forces us to up our game and take it to the next level. Being GDPR compliant…
- Improves and future-proofs our processes
- Makes us review and re-work our agreements
- Helps us to map and simplify how data is handled
- Makes our handling of data clearer to you, the user
- Ensures that our team are fully aware of the best practices
Basically, it ensures that our data handling processes are state-of-the-art and that absolutely everything is documented so we can easily understand where personal data comes from and where it’s going.
The GDPR in a Nutshell
GDPR stands for the General Data Protection Regulation. It is the European Union’s (EU’s) new regulation that safeguards the personal data of individuals in the EU and governs the export of personal data abroad.
If you process the personal data of EU residents, you need to comply with the GDPR, no matter where in the world you’re based.
Personal data = anything that could be used to identify someone (either on its own or in combination with other information). It’s a very broad definition and means that you need to be very careful about the data you capture and process.
There are 3 parties involved in the GDPR relationship:
- The data subject: The person whose personal data is being stored/processed.
- The data controller: The person or entity who determines the purpose and means for processing personal data.
- The data processor: The person or entity responsible for processing the data on behalf of the controller.
At Zenkit we are a data controller when we provide customer service, send newsletters and updates, keep data on our employees, or keep your email address to provide the Zenkit service. We are a data processor for our customers.
If you are a customer of Zenkit, we will soon provide all of the necessary legal documents, such as a Data Processing Agreement, to make sure that you are also fully compliant. Essentially, signing such an agreement will ensure that you as a data controller (who controls data about your customers) are employing a data processor (that’s us!) that complies with the new regulations.
The Principles Behind the GDPR
There are 6 principles laid out in Article 5 of the GDPR that the data controller must be responsible for and be able to comply with. They are clear, logical, and put the interests of the data subject at heart. The principles state that data must be…
- Processed lawfully, fairly, and transparently.
- Collected for specified, explicit, and legitimate purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which they’re processed.
- Accurate and kept up to date, and that inaccurate data are erased or rectified.
- Kept in a form that allows for the identification of data subjects for no longer than is necessary.
- Processed in a way that ensures appropriate security of the personal data.
Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
To that effect, we as a data processor have published a GDPR FAQ on our site, which will be regularly updated if/when any changes are made to our privacy practices. This will enable you to demonstrate GDPR compliance if and when you need to.
Please feel free to send an email to email@example.com if you have any questions. We’d be more than happy to help you out!
Siobhan and the Zenkit Team