It’s just under two weeks until the General Data Protection Regulation (GDPR) lands and it has already made waves.
With the weight of large fines behind it, the GDPR is making organisations think very seriously about privacy and how they process the personal data of individuals in the European Union (EU).
In the run-up to May 25, RingCentral is on its GDPR journey! We believe the digital world can thrive when we connect people and data in an ethical and secure way. We’re in the same boat as our customers and understand the importance of privacy, and we are committed to protecting the personal information of our customers.
The GDPR builds on the previous EU Data Protection Directive, which left the data protection landscape in Europe with a lack of consistency and a patchwork of national regulations. The GDPR will centralise data protection in the EU and will be governed by each nation’s regulatory body.
The GDPR means more protection and transparency of personal data and less tolerance for insecure and unethical use of data. Organisations must be more transparent about how they process and protect data, demonstrating not only compliance with the GDPR but how they comply.
The GDPR not only applies to organisations and businesses within the EU but to anyone that processes EU data, giving the GDPR a global reach.
Those who don’t abide by its rules will face a penalty of as much as four percent of global revenue or a fine of €20 million, whichever is higher, not to mention the potential for class-action lawsuits!
Compliance will take a number of different strategies, but most of all, the GDPR requires companies to take a holistic approach to how they process personal data, with a focus on ethics and governance.
For the most part, the GDPR aims to put control over personal data back into the hands of European Union persons, known under the law as data subjects. There are a number of key rights under the GDPR, which are provided to EU persons to give them more control over their own personal data.
The most famous of these is the right to be forgotten. More formally known as Article 17, the “Right to Erasure”, it provides the right to request that data be deleted. In other words, EU persons will now have the right to have personal data that might be held by companies deleted.
Another right is the right to access, under which EU persons have a right to know whether data is being held on them, for what purpose it is being used, and to request a copy of the data that is held on them. This goes hand in hand with the right to be informed, which requires organisations to be completely transparent in how they use personal data.
Data portability means that citizens can actually get their personal data that’s being held by an organisation in a machine-readable format. They also have the right to give that information to another entity.
Under the right of rectification, individuals will be entitled to have personal data corrected if it is inaccurate or incomplete.
For details on all EU persons’ rights, you can refer to this article.
We have updated our data protection program. Here are some of our updates:
- Policies and standards: We have developed a process to identify the data lifecycle for more transparency, accuracy, accessibility, and security.
- International transfers:
  - RingCentral maintains a Privacy Shield certification, which allows valid transfer of data between the EU and the US.
  - We offer a Data Processing Addendum, which oversees the relationship between us and our customers, and that too has been updated to demonstrate our GDPR compliance.
- Third-party audits and certifications: RingCentral has obtained several certifications in order to demonstrate our commitment to protecting data. For example, RingCentral Office® is SSAE-16 SOC 2 certified. RingCentral Office also maintains HITRUST CSF certification, a rigorous certification to ensure protection of protected health information.