As of May 25, the General Data Protection Regulation (GDPR) will come into effect.
This new data protection law affects any organization, local or international, that collects, stores, modifies or otherwise processes personally identifiable information (PII) of EU citizens.
For breaching GDPR in any of its segments, companies worldwide are going to face serious fines: up to €20,000,000 or 4% of their annual turnover, whichever of the two is greater. Reason enough for all of us to make it a top business priority in the following month.
Personally identifiable information (PII) is defined as information that represents and identifies an individual on the Internet. This information includes, but is not limited to:
- Social Security numbers
- Mailing or email addresses
- Phone numbers
- IP addresses
- Login IDs
- Credit card information
- Social media accounts
- Geolocation information
- Biometric and any other data that identifies a certain individual
All this information is usually collected through online forms such as signup, subscription, feedback, registration, application, and payment forms.
Over more than a decade of EmailMeForm, we have always supported our users, ensuring that the forms they make and the data they collect are secure and adhere to our Terms of Service, anti-spam, anti-spoof, and other rules of proper conduct on the web. GDPR, however, requires much more than that.
What is EmailMeForm doing to prepare for GDPR
The privacy and safety of the data that gets collected, stored, and processed through our system have always been our top concern. Our team will continue supporting your safe operations while giving you even more control over your data.
As your form provider and data processor, EmailMeForm is making sure that we on our side are ready for GDPR and our system is all set to help you become compliant.
For the sake of clarity, GDPR introduces these three types of entities in the data processing cycle:
- Data processor - organizations and apps through which personal data collection and processing are made available to data controllers (EmailMeForm)
- Data controller - organizations that collect personal data from their customers (you)
- Data subject - a person whose data is being collected and processed (your customers)
EmailMeForm can be seen as mainly your data processor. However, since we also use other platforms to outsource some of our data operations, we become a data controller in respect to those platforms.
Therefore, we are making sure that the vendors we work with are GDPR compliant and sensitive about keeping your personal data safe.
As most of our users fall into the data controller category, we would like to give you a heads up about the steps you need to take yourself to make your forms adhere to the GDPR rules.
In this article we’ve explained how to achieve this for your forms.
Both data processors and data controllers are legally liable for data breaches. Hence, it is in our best interest to get this right together and we need to do it fast.
Now, let’s see what EmailMeForm has done and is still doing to achieve GDPR compliance for our platform:
- We’re making sure that the data you collect and store via your EmailMeForms is encrypted both in transit and at rest.
- We are tracking and pinpointing the areas we need to work on in relation to GDPR, making a GDPR impact assessment, and devising a strategy for product and team development.
- We have appointed a Data Protection Officer (DPO) to spearhead our GDPR implementation strategy.
- Our team is reviewing our internal processes to make sure that only specific employees are granted access to user data, and only when their job roles require it. These employees have received special training on how to properly keep information secure, and their access is logged to ensure the safety of the data. This means that customer information is available to EmailMeForm employees only on a “need-to-know” basis.
- All team members have adopted multi-factor authentication (MFA) for the accounts they use to access and process customer data. We suggest that you do this too, for all your accounts.
- We are building a GDPR-focused operations team that will be available to our users and employees to help them stay compliant with GDPR.
For your convenience, our marketing team has prepared guides to educate you on the existing EmailMeForm features that can be used to make your forms compliant. Here is a brief overview:
- Data control - As an Admin user you have full control over the data you collect and the right to view, edit, and delete entries inside your Data Manager. How long you choose to store this data is entirely up to you.
- Activity log - As an admin you can see the actions taken by your team members who have access to form entries.
- Form security - When collecting sensitive data, we highly recommend that you enable SSL, mask form fields, and activate field and storage encryption.
- User management - It is recommended that you review your sub users and their respective account permissions for stronger control over your data.
Our engineers are developing new platform features to make GDPR compliance easier for you, such as maintaining records of personal data and processing activities. We will post about new features as they are built and ready for you to use.
Additionally, we remain dedicated to ongoing security monitoring and server checks.
Our DPO is double-checking the data processors we use for marketing, SEO, customer support and other internal operations, making sure that their platforms and processes comply with GDPR principles.
We are doing the best we can to ensure that we are compliant and to help you become compliant in time as well.
Additionally, you can check this overview of key terms and features that will help you understand the EU General Data Protection Regulation.
To seek more information or ask for assistance in your GDPR efforts, please get in touch with our compliance team at firstname.lastname@example.org.