By Matt Collins, General Counsel
The European Union has instituted a new law that affects companies with that collect personal information from Europe visitors. This new law is called the General Data Protection Regulation or “GDPR”. The purpose of this article is to introduce you to the GDPR, explain NationalNet’s new policy and highlight what you should know for your own business.
INTRODUCTION TO THE GDPR
The GDPR applies to any company that collects personal information from an EU citizen and thus this law applies to companies throughout the world…and may apply to you as well. The GDPR takes effect on May 25, 2018 and that is the date that the NationalNet policy also takes effect.
The goal of the GDPR is to give European citizens control of their personal data. The definition of personal data is set out in the NationalNet Data Protection Policy in Section 3. In short, personal data is any information relating to a person who can be identified directly or indirectly, by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. This is a pretty broad definition and thus much of the information that is collected may be classified as personal data.
The GDPR provides three basic privacy rights and we respect these rights through our Data Protection Policy. These rights are:
- The right to request to view personal data that has been collected.
- The right to correct personal data that we have collected and that has errors or is incorrect.
- The right to request that personal information collected be deleted.
The fines and penalties for failing to provide these rights or to follow the GDPR can be huge, up to four percent of global revenue, so this law is not to be taken lightly.
NATIONALNET’S NEW DATA PROTECTION POLICY
The NationalNet Data Protection Policy (“Policy”) may be found at www.nationalnet.com/GDPR. NationalNet has always complied with the EU data protection laws and was a participant in the Safe Harbor Certification Program that was operated by the US Department of Commerce in cooperation with the predecessor law to the GDPR. NationalNet is also compliant with the new GDPR and thus the new Policy is designed to inform visitors, customers and others about the collection, processing and storage of personal data that is provided to NationalNet.
The personal data that NationalNet collects comes from a variety of possible sources such as visitors, potential customers, job seekers, vendors and many others. The Policy outlines how we collect, process and store personal data and other information that we collect from these various possible sources. There are four types of situations where we collect persona data from visitors, including:
- Visitors: We collect minimal data from visitors to our site. This data is mostly in the form of analytical data and website usage and is set out in Section 4 of the policy.
- Contact: We collect more personal data from people who initiate contact with us through the website, email or any other method of communication. The kind of information that we collect on these types of requests is outlined in Section 5 of the policy.
- Potential and actual customers: We collect more personal data when you apply for and become a customer of NationalNet. This information required is much more extensive as we need a variety of information to properly provide our services to you and your organization. This kind of information is set out in Section 6 of the policy.
- Job seekers: We collect different personal information for those who contact NationalNet to seek employment. This type of situation is set out in Section 7 of the policy.
To manage the data protection process, I have appointed as the new Data Protection Officer. While not every organization needs to appoint a Data Protection Officer, NationalNet has made the decision to go in this direction to implement the best possible system to protect personal data, respond to inquiries and to assist customers with issues that may arise under the GDPR. Under the GDPR, the Data Protection Officer is responsible for managing the internal data management activities, assisting with data protection assessments, work with our technical staff and responding to inquiries from individuals seeking to review, edit or delete their personal information. The GDPR also sets out several other responsibilities of the Data Protection Officer and I will be responsible for those tasks as well. You may contact the NationalNet Data Protection Officer at DPO@NationalNet.com.
WHAT YOU SHOULD KNOW FOR YOUR BUSINESS
The best solution is always to seek legal advice to review your situation, your policies and practices to make sure that you are compliant with the GDPR. For you and your business, it is important to note that you are responsible for the data you collect, process and store. Any personal data that you collect belonging to an EU citizens is specifically subject to the GDPR and thus you should be careful to follow the law.
If you regularly collect detailed personal data from EU citizens, then you should carefully review your policies and practices to make sure you are compliant with the GDPR. You should consider contacting legal counsel to review your practices and policies to make sure that you are compliant with the GDOR.
If you are an individual or company based in the EU, then you should absolutely contact your attorney to review your practices. Don’t hesitate and hope for the best.
NationalNet as your webhost and service provider, licenses the equipment to you for your use; you are, however, the data collector and processor. Because the GDPR may well apply to your organization and the data you collect, process and store, you should make sure that you are complaint to protect you from claims brought in the EU.
While I cannot provide you with specific legal advice for your business or practices, I can answer general questions regarding my understanding of the GDPR and how NationalNet has implemented the requirements. Please feel free to contact me at DPO@nationalnet.com.