Published on November 30, 2017
By Steve Youngman, VP Finance and Legal
The European Union’s General Data Protection Regulation (GDPR) was approved in April 2016 and will go into effect May 25, 2018. Do you know what the GDPR will mean for you and your business? Today’s post is the start of a three-part series about the GDPR: what it is, the changes you will see within Hushmail, and what you can do to ensure your own compliance as a business owner.
The GDPR lays out in clear terms rules for what personal data is and how it can be used. In doing so, it places the right to personal data protection in the same category as freedom of expression and the right to a fair trial. Once it goes into effect, the GDPR will be enforced in all EU member states. However, even if you aren’t an EU citizen, if you conduct business with EU clients, you will have to ensure your organization is compliant. In fact, the scope of the GDPR is so overarching, anyone conducting business online will likely see some related changes. Many of the measures go significantly further than what is required by other laws, including those of the United States and Canada.
In simplest terms, the GDPR can be broken down into three key concepts:
Under the GDPR, an individual has a basic right to control his or her personal data and must give consent by clear affirmative action to any entity wishing to use that data for any reason. The individual is also entitled to withdraw consent as easily as it was given. The entity requesting the data must inform the individual of how the data will be used and gather only as much data as needed for the stated purpose.
In the case of a security breach in which data may have been compromised, the regulators and the individuals whose information may have been compromised must be notified and provided with full disclosure, including an explanation of what happened and what is taking place to remedy the situation, as well as a recommendation of what the individuals might do to protect themselves.
Have you ever signed up for a service that you later canceled only to be continuously inundated by emails? Under the GDPR, individuals are given comprehensive rights to access, correct, port, erase, and object to the processing and storage of their data.
The rules of the GDPR are complex and wide-reaching, but their ultimate goal to protect individuals’ personal data is simple and one that Hush fully supports. Although the GDPR will only directly affect our EU customers, the rules support what has always been our closest held value, the right to private communication. We believe that what Hush does every day — provide safe, secure, private email — is achieved through an organizational culture of privacy that pervades our entire organization. In other words, privacy is our raison d’être.
Steve Youngman has been part of the Hushmail team since 2000. With degrees in Commerce and Law from the University of British Columbia, he is well suited to lead our finance, privacy, and legal departments. Steve has extensive experience providing business, tax, and legal advice to entrepreneurial clients.