Published on December 7, 2017
By Steve Youngman, VP Finance and Legal
When the European Union’s General Data Protection Regulation (GDPR) goes into effect May 25, 2018, Hush will be ready. As discussed in our previous post, the GDPR lays out in clear terms what personal data is and how it can be used. It sets stringent rules regarding consent and control; transparency in the case of a data breach; and the granting of individual rights, such as the right to have personal data removed from businesses’ databases.
At Hush, we make personal data protection our priority every day, and most of our company policies are already in line with the GDPR. The changes you will see in the spring at Hush will be minor, and for the most part, simply make more visible the courtesies we currently provide our customers.
Under the GDPR, businesses must acquire clear consent from individuals to use their data for specific purposes that are spelled out in detail. With that in mind, we are expanding the consent form that customers fill out when they sign up for a Hushmail account. It will require customers to actively consent to specific uses of their data. Hushmail customers will also be able to easily withdraw their consent at any time with a separate, easy-to-fill-out webform.
Securing data is an ongoing process and we will continue to provide the same rigorous protections Hushmail customers are used to. Hush has always been diligent about securely storing and not sharing customers’ personal data, and we adhere to a policy of full transparency in case of a data breach, similar to the rules set forth by the GDPR. That policy requires immediate notification, a clear description of the breach, and a recommendation of what the individual can do to protect themselves from harm related to the breach.
The GDPR gives individuals comprehensive rights to access, correct, port, erase, and object to the processing and storage of their data. If a customer decides to leave Hushmail, under the GDPR they will have the right to have their personal data fully erased from Hushmail databases. In compliance with the GDPR, we will make it quick and easy for customers to make this request.
Although the GDPR will only directly affect our EU customers, the rules support what has always been our most closely held value: the right to private communication. All Hushmail customers, not just those in the EU, can expect to benefit from the changes mentioned above.
The rules of the GDPR are the most comprehensive guidelines for personal data protection set forth by any governing body, and we expect that they will greatly add to the ongoing conversation about privacy. This is a conversation Hush firmly supports, as the GDPR inspires the growth of privacy rights around the globe.
Steve Youngman has been part of the Hushmail team since 2000. With degrees in Commerce and Law from the University of British Columbia, he is well suited to lead our finance, privacy, and legal departments. Steve has extensive experience providing business, tax, and legal advice to entrepreneurial clients.