GDPR, or more formally the EU General Data Protection Regulation, is upon us. A wide-sweeping piece of legislation that centers around the fact that citizens of the European Union deserve more control over how their personal data is used, GDPR includes a variety of rules and regulations that become effective May 25, 2018.
WizeHive is headquartered in the U.S., but like many others here on U.S. soil, GDPR has become a major topic of conversation and conduit to change. If you work with organizations in the EU or accept applications or any type of data from individuals based in the EU, you may be subject to GDPR.
Because we service customers abroad and know some of our U.S. customers accept information from individuals in the EU, WizeHive will be making changes to become GDPR compliant by the deadline.
Most simply stated, GDPR regulates how companies can collect and use personal data. Personal data could be obvious items like a name or email address, but also anything that could provide information about an individual’s habits or preferences, like their browser history or latest Amazon review.
Under GDPR, personal data must be:
To achieve this, any data collected must be done with consent. Requests for consent must be clearly distinguishable from other items (ie, not buried within a contract), and must be:
Individuals also have the right to review any data collected about them, change or remove any or all of that data, and have the right to rescind their consent at any time.
Under GDPR, there are two types of entities that have access to personal data. One of these is the Data Controller -- basically the person requesting and utilizing the data. Data Controllers are more responsible for maintaining a data subject’s rights and for putting into place procedures to ensure the regulations are being upheld.
In the case of WizeHive, we are a Data Controller in regards to our direct customers, sales prospects, marketing contacts, and website and blog visitors. Over the next few weeks we will be making changes to our site and internal processes, including to our subscribe, demo request, and contact forms. These changes will ensure we are collecting the correct data from individuals, that the way we will use that data is as clear as possible, and that individuals using these forms understand they are opting in by requiring them to explicitly check a box stating they understand this use. WizeHive has never sold lead or customer data with third parties, and will continue this practice.
The other type of entity described under GDPR is the Processor, an individual or organization that processes personal data on behalf of the Data Controller. This could include any software, database, or app through which a Data Controller harnesses or stores collected personal data.
WizeHive is a Processor for all of our customers that utilize our platforms to accept, review, and manage applications and other data. WizeHive will be making our ZengineTM platform GDPR compliant by the deadline; clients of our Select platform who believe they are subject to GDPR should contact us if they have not already. This will include ensuring any sub-processors we work with are GDPR compliant, as well creating plug-ins and procedures that enable our customers to be compliant as Data Controllers in regards to data access, changes, and deletion.
Reading this may have made you realize that GDPR is more relevant to your organization than you originally thought, and that you will need to make changes to your application, review process, communications strategy, or data retention policy. We highly encourage all of our customers to read the full GDPR information and consult their legal advisors to determine if their organization is subject to GDPR and what changes they may need to make as a Data Controller. While some changes you may be able to make on your own -- either through internal processes or by utilizing your administrative tools in Zengine -- others may require the help of WizeHive’s implementation and client services team.
As we approach the May deadline, customers will be receiving additional information from our team on updates we have made, options available, and how to request assistance in making changes to their workspaces.
