General Data Protection Regulation (GDPR) – and Q-Flow

We’re sure you’ve all heard about the General Data Protection Regulation (GDPR), which came into effect on May 25th, 2018. It applies to all companies (whether in Europe or not) selling and sorting personal data about EU and EEA citizens, and provides these citizens with greater control over their personal data.

As we all know, data protection has been around for a while, but the GDPR was created particularly to enable individuals to control, monitor, check, and if desired delete information belonging to them.

As there are many aspects to GDPR, we’ll go over those that are most common and relevant to Q‑Flow® users.

One of the main things about GDPR is that it requires companies to collect and process personal data lawfully, i.e. with a legal basis. There are six possible legal bases for data collection and processing, including where processing is necessary for the performance of a contract, or to comply with a legal obligation to which the company is subject, but the most common basis is consent. Consent doesn’t always have to be explicit. Explicit consent is required only when collecting sensitive personal data such as ethnicity or race, health data, religion, political views and so forth, or when transferring personal data outside the EU on the basis of the individual’s consent.

The right to be forgotten is also a major part of GDPR. This right is not absolute, as many may think; it is limited to certain cases, such as when the personal data is no longer necessary for the purpose it was collected for, or if that data was unlawfully collected.

Another important aspect of the GDPR is that companies must notify their clients and customers if there’s been a data breach that compromises their personal data. This notification should be made within 72 hours of discovery.

Last but not least, companies can be fined up to 20 million euro, or 4 percent of global turnover, if they don’t comply with GDPR, which provides a strong incentive for compliance.

Due to the complexity of this regulation, we recommend consulting with your legal experts to make sure you are in full compliance, as the practice can vary between companies and situations.

Advice is a dime a dozen, but we also want to provide practical help, so for users of Q-Flow we recently released "Forget Me", a Q-App that helps the business delete any identifying information of a customer. "Forget Me" anonymizes all cases related to the customer in the Q-Flow database, while retaining the basic performance data for future statistics and reports.

Important Note: This post is for informational purposes only and is not intended to provide legal advice or to serve as a substitute for legal counsel.
