If you work in an IT company operating in the European Union, chances are you’re already tired of hearing about GDPR, the General Data Protection Regulation, to be enforced come May 25th.
This new regulation lays down the rules for the protection, handling and free circulation of personal data in the European Union, strengthening the rights of individuals and increasing the responsibilities of organizations. More than ever, businesses will need to be fully transparent with anyone willing to trust them with their personal data, informing individuals about the purposes of its collection or how it’s kept safe and secure. Companies will need to meet a very high ethical and technical standard; otherwise, they can be held accountable and risk hefty fines of up to €20 million (or 4% of global turnover).
With little over a month to go before the new regulation’s enforcement, we share some of the steps we took in preparation for GDPR, and hope to inspire some partners and peers to follow them:
- Getting the right people involved: since most teams at DevScope handle customer personal data to some degree, we created a work and discussion group (aptly named GDPR) composed of each team manager. Since its inception, everyone involved has used it to share and debate all sorts of information regarding GDPR, be it benchmarks, best practices or even opinion pieces. This short-term “think tank” allowed us to gather enough information to write and develop the policies that best reflect our transparency efforts to protect our users;
- Collaborating: since every company collecting personal data in the European Union must follow the new regulation, why go at it alone? We partnered up with Bind Tuning, a leading web design company, to interchange ideas and create policies that could be adopted by both companies;
- Proofreading as many times as necessary: you can never be too careful when it comes to handling personal data. In early January, we adjusted our websites’ privacy and cookies policy, as well as their terms & conditions, but have since lost count of how many times they were revised and rewritten to be 100% GDPR compliant. Comb through your text and make as many adjustments as necessary.
GDPR may be a tiresome subject for developers to deal with and may require a lot of adjustment by some companies, but it’s a much-needed policy and one that reflects the maturity of the internet itself. Individuals will be more protected than ever and won’t have to rely as much on the goodwill of the companies rendering them services through the web. Above all, GDPR draws clear lines regarding what companies can and can’t do in an often unregulated environment.