GDPR at Veoci
The General Data Protection Regulation (GDPR) governs data protection and privacy for organizations that control or process the personal data of EU residents, no matter where they are located in the world. This sweeping regulation is poised to transform the operating landscape of data security worldwide. It represents one of the most significant pieces of technology regulation in this century. Here at Veoci, we welcome the GDPR as an opportunity for us to raise the bar for data security even higher.
Data security has been built into Veoci’s DNA from the beginning. We identified the following key principles that will act as guiding lights when working not only with the personal data of EU residents, but personal data across the board. Those principles are as follows:
A Commitment to Data Protection and Privacy
“Data protection by design and by default” is a core operating principle at Veoci, even before the introduction of the GDPR. As a SaaS provider, we’ve practiced strong data management practices since the start. We incorporate data privacy and security considerations throughout the development of new products or services that involve processing personal data. We also ensure that, by default, privacy standards are met during the processing of personal data.
Collaboration and Coordination
We’ve always worked closely with our customers. GDPR requires collaboration and teamwork from every side, and we’re happy to make that effort. Communication is vital to adhering to the mandates and standards of GDPR. Together, we’ll work closely to to follow the new rules, regulations, and practices under GDPR.
Innovation
We’re constantly developing and improving our products and services, and “data protection by design and default” is an integral part of this innovative mindset. Data protection is one of our core values, so you can be sure it’s always factored into everything we do.
Want More Information?
As a company, we are committed to compliance under the GDPR. If you have any questions or would like more information about GDPR and Veoci, contact us.
Frequently Asked Questions
The General Data Protection Regulation (GDPR) grants EU citizens more personal data protection. By enforcing stricter laws and delivering new rights to EU residents, GDPR will influence responsible personal data practices worldwide. GDPR replaces older laws throughout the EU and its Member States, and redefines personal data rights for today. Its impact is global since any organization that gathers and processes the personal data of EU residents will need to comply.
- Maintaining transparent and lawful personal data processing
- Preserving the conditions for which data was gathered throughout its use
- Protecting data from theft, unintended loss, or use outside the defined bounds
- Document the gathering and processing of data
These are just general responsibilities. The nature of your organization would define the scope of your responsibilities under the regulation. A careful review of your current practices and the regulation is a good place to start.
The definition has a broad scope. Read the regulation for a full definition. Names, physical appearance, social media posts, and even IP addresses and cookies are considered personal data. If information about a data subject (i.e. EU residents) identifies them in any way, it is considered personal data. All of these pieces of information can act as identifiers, hence the protections under GDPR.
A review of your data collection practices can help you determine if your organization is gathering or processing personal data as defined by GDPR, and therefore subject to regulation.
Depending on circumstances, data protection authorities could issue fines or penalties. A fine for non-compliance could be as high as either €20 million or 4% of global revenue.
GDPR applies to a lot of scenarios. Whether the regulation needs to be considered will totally depend on the circumstances. However, if your organization is not based in the EU and/or doesn’t gather and/or process data from EU residents, the regulation won’t necessarily apply. Review your organization’s operations, procedures, processes, products, services, and customer base to see if your organization needs to comply with GDPR in any way.
See the complete and final draft of the law for a full understanding of the regulation’s reach.
Data does not have to stay within the EU. GDPR is mostly concerned with the data of EU residents, which isn’t necessarily tethered to locale. As one example, a controller can have a processor based outside of the EU, but the controller must preserve the conditions of collection with the processor. Other mandates outside of the EU’s purview, like the EU-US Privacy Shield and contractual agreements, would still apply.
We do have material, such as this blog post, you can read to develop your understanding further.
There is a multitude of resources available for understanding the GDPR. Many outlets, platforms, companies, and groups have dedicated time to understanding the new law and its impact, which a quick Google search will reveal. We also suggest taking a look at this EU website for a more comprehensive view of the GDPR.
Professional expertise can best guide you and your organization in how to operate under the GDPR. This page, and other materials about the GDPR from Veoci, are interpretations by our team; they are not intended to be legal counsel or advice. The content and statements here are subject to change and may be updated at any time and without notice.
In this blog post, you can read about the GDPR and why we’re thinking about crisis management and business continuity.