What is GDPR?
GDPR stands for General Data Protection Regulation. It's a new regulation that improves privacy and data security for residents of the European Union and the European Economic Area.
It regulates how personal data is used. What counts as personal data? According to the European Commission, "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer's IP address."
The Information Commissioner's Office states that GDPR provides the following individual rights to residents of the European Union and the European Economic Area:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
So if you're in the EU, it just got a lot easier to find out what data companies have on you. It is also now easier to request access to that data, or to have it updated or deleted.
Why should you care about GDPR?
If you're a customer from the US, Canada, or any other non-European country, you may be confused as to why all these companies are sending you information on updates to their privacy policies.
The reason is simple. Any business that has a client in the EU must comply with GDPR. Compliance also means notifying users of any updates to policies. And since most US businesses have clients in the EU, they're sending out notices about updates to their policies to every single customer to make sure each one of them knows what is going on.
In addition, GDPR will stop companies from using all the legalese in their privacy policies and terms and conditions that makes them basically sound like they're speaking another language. These agreements now have to be in plain language that anyone can understand. And that's a big win for consumers and Internet users everywhere.
It will also make it as easy for consumers to opt out of communications as it is to opt in. You know those kinds of newsletters - the ones where you unsubscribe but the next week find the same information coming from a different email address? That should happen no more under GDPR.
In our eyes, this is all great for consumers.
What is JarHQ doing about GDPR?
JarHQ understands the spirit of the GDPR and has taken all the necessary actions to comply with GDPR. Here are just some of the actions we've taken so far:
- Ensuring consent for any marketing opt-ins on the JarHQ website
- Adding consent for cookie tracking on the JarHQ website
- Following best practices for security and data storage
- Ensuring access to data can be restored via backups
- Regularly reviewing and improving security practices
- Collecting only the data we need
- Giving customers a way to request what data we have on them and giving them the opportunity to update it or request deletion
- Allowing customers to opt out of further communications
- Training our team on data privacy best practices