What is GDPR and what does it do to keep data private?

Everybody found out about the new privacy rules when opening their mailbox a few weeks ago. Companies flooded many inboxes to explain the GDPR and ask for permission to send more emails in the future. But what do these rules tell us, and what do they mean for clients and users of Minddistrict? Compliance officer Pauline Besnier explains.

What is GDPR?

The new privacy rules, called the General Data Protection Regulation (GDPR), are designed for all European countries, Besnier explains: “Till now, all European countries had their own privacy rules. The European Union decided that it would be better to have the same privacy rules for all EU countries. With these new rules, they want to push companies to be more careful with the use of personal data and take care of the privacy of Europeans.”

'It’s a big change for companies because it totally changes the way they work and do business.'

The GDPR gives EU citizens more rights when it comes to privacy. Companies emailed frequently in the past, whether you liked it or not. Under the new rules, you can prevent this because they have lost the right to do so without permission: “We now have the right to say: I never authorised you to send me emails. It’s also no longer allowed for companies to share the data they have with other companies.”

If you really want to dive into the subject, have a look at the GDPR Wikipedia page.

More than just permission

The new rules do not only require permission from the client. Companies also need to explain what the data is specifically being used for: “It’s a big change for companies because it totally changes the way they work and do business. They used to think: let’s get as much data as we can and we’ll see what we can do with it. Those days are over now. It’s about explaining what data you receive, what you use it for and how long you are going to save it.” So, it’s not only a big change for the legal department, but for the entire company.

Every country has a specific authority which will check if companies are following the rules, Besnier explains: “It’s also possible to report a complaint when you think that your data is being used without permission. You can even raise a claim against that company and the privacy authority will investigate.” A few of the biggest companies in the world, Facebook, Google and Twitter, are already under investigation by authorities at the moment: “Small companies probably have to worry less at this point, as the authorities go after the big guys now. Plus, the point of the GDPR was also to change the mentality, so if you show that you are making an effort to do better, you’re headed in the right direction.”

GDPR compliancy should be transparent

For users and clients of Minddistrict, the biggest change is transparency: “We already started informing people about our new privacy rules, what’s happening and changing for them. We’re trying to write this down as clearly and briefly as possible, in a user friendly way. We don’t want to give people a huge document with difficult terms and words about privacy. Everybody has to be able to understand what we do with the data we get.” It’s important to be extra civil, Besnier says: “You have rights and we are here if you want to use those rights, modify something or want us to erase information.”

'Keep in mind that you do have more rights now, so make use of that.'

The new changes were announced in 2016 and Besnier started to work on implementing them at Minddistrict about half a year ago: “Many companies started late with the adjustments of their privacy rules. Everyone has to change something, change the way they work and handle information. You could tell that from the emails flooding your inbox, it looked like some companies were panicking.” If you want to find out if a company actually made changes, check their privacy statements: “See what they write about keeping your data and using it. A lot of companies are probably still updating their statements though. So is Minddistrict.”

Security processes, also in your own work

The information that users and clients share on the platform is safe: “Security processes make sure that’s the case and you can also check those processes. But of course, you also have a responsibility to keep your passwords safe. Always be careful with that, don’t choose obvious passwords or write them down somewhere.” Read more about keeping safe passwords in the blog 'Are you doing it safe?'

Clients can find some of the new statements online already: “We are still working on how to present this in the best way possible, for current clients and users as well. We don’t want to overwhelm our clients with too much info.” The biggest changes should already be visible. Less spam building up in your mailbox, fewer popups that ask permission or consent to use some data, or requests to sign an agreement on the use of data: “But keep in mind that you do have more rights now so make use of that if you feel like you need to.”