How Hearken is preparing for the GDPR
What's the GDPR?
The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It will come into force on 25th May 2018. The full text of the GDPR can be found here.
Does the GDPR apply to me?
While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.
Hearken + GDPR
Hearken is a Data Processor
GDPR is designed to protect EU citizens and their data, and two main parties that handle data must comply in a variety of ways: the Data Controller and the Data Processor.
As it relates to the organizations who pay for our services, Hearken is a Data Processor. We use some sub-processors that handle data, too (Heroku Services and Amazon Web Services store and process data). All data is stored securely, encrypted at rest, in compliance with our data retention policy. Hearken has the ability to delete personal information and provides mechanisms for customers to integrate with third-party services (e.g., MailChimp, Slack), as well as export data via CSV.
As it relates to Hearken's marketing site (the site you are on right now!) we are a Data Controller.
We’re updating our product
You will be able to capture consent from all question askers and voters - aka the Data Subjects. See the Hearken help site and search "GDPR" for more information.
You can request that we delete personal data collected from question askers and voters - aka Data Subjects (starting May 25). Email firstname.lastname@example.org to initiate a request.
We’re updating our Terms of Service
Our updated Terms of Service sets out the terms for Hearken (as a data processor) and our customers (as data controllers) to meet GDPR requirements. This will be available for customers to sign upon request.
What can you do?
Steps you can take are:
Get familiar with the GDPR requirements and how they affect your company.
Review how you process and store data.
Connect with your lawyer about what your company needs to do.
Feel free to reach out to us if you have any questions about the GDPR – we’d be happy to chat about it: email@example.com