The European Union has introduced a new set of laws designed to protect the privacy of individuals and require companies to be ethical in their management of customer data. These laws, known as the General Data Protection Regulation, go into effect on May 25th, 2018.
These laws can sound intimidating – and if you’re an individual in the United States, you may think these regulations are irrelevant to you. But the core principles of the GDPR are relatively simple, and anyone who interacts with residents of the European Union needs to be aware of the rules of the GDPR.
Here’s what you need to know about GDPR, what we’re doing for it, and what you need to be aware of if you do business with EU residents:
Basic Rules of GDPR
Like most legislation, the GDPR is over 200 pages long – if you’re so inclined, you can read the full text here.
As mentioned, the end goal of GDPR is to protect personal information of individuals in the EU. Some of the key points include:
Personally Identifiable Information: GDPR is focused on companies’ use of information that can be used to identify an individual, known as PII (personally identifiable information). This information can include, but is not limited to, your name, e-mail address, physical address, phone number, online usernames, and financial information.
Explicit Consent: Under GDPR, you must obtain explicit consent from EU individuals in order to market to them. You cannot send things like newsletters and special offers without a positive opt-in (meaning the individual has to check the opt-in box themselves – it cannot be pre-selected). You also cannot share their data with third parties and partners without a positive opt-in.
Business Communication: Under GDPR, you are still allowed to communicate with individuals regarding a legitimate business case (e.g. they submitted a request for a quote – in this case, you can communicate with them about their quote, but not about special offers and marketing activities, unless they have given explicit consent).
Right to Data: If you are an EU citizen, you have the right to know where, why, and how your data is handled. Under the GDPR, an individual has the right to download their personal data, and they have the right to opt out of communications at any time.
Right to Be Forgotten: In addition, under GDPR individuals have the right to be forgotten, meaning they can request that their data be deleted by a company that obtains it. Unless the data is needed for a legitimate business case (e.g. the data is used for their account with a software program), it must be deleted.
Breach Notification: Compromises in data security must be reported to authorities within 72 hours, and for high-risk cases (e.g. financial information), individuals impacted by the breach must be notified immediately.
In short – GDPR provides citizens of the EU with a higher level of protection for their information by ensuring that companies use the data in the right way. The GDPR is designed to cut down on unsolicited marketing activities, give individuals control over their data, and ensure they are notified quickly of data breaches.
The rules of the GDPR apply to all companies who interact with EU residents, and it’s on them to ensure they are compliant. Penalties for non-compliance with GDPR can be incredibly steep – including penalties of up to 4 million euro or 20% of company revenue.
ServiceBridge GDPR Compliance
ServiceBridge users in the EU can request that we provide them with the personally identifiable information we have about them, as well as requesting the deletion of data.
If you are a resident of the EU and wish to receive marketing communications from ServiceBridge, you will have to provide positive opt-in to continue to receive messages from us. You will see an email from ServiceBridge that provides this information.
Field Service GDPR Compliance
As parties that collect and process personally identifiable information, field service companies that operate within the EU must be aware of the regulations set forth by the GDPR.
If you are working with EU customers and using ServiceBridge (or any field service application), the same rules outlined above apply to your business. That means:
Your field service company must comply with requests to provide information to individuals and the right to be forgotten.
In order to market to customers based in the EU, you must receive positive opt-in to send them promotional materials or share their information with third parties.
If you are an EU company using a field service application such as ServiceBridge, you are still the primary party liable for compliance. When a client requests their data or deletion, you must execute that process and you are accountable for it – not your field service software provider.
Overall, the GDPR can be an intimidating thing to wrap your head around – but the core principles are straightforward, and will ensure the safety of customers and companies alike. If you have any questions about our compliance with GDPR and how we handle your data, reach out to us at firstname.lastname@example.org