EASI’R and the GDPR

For all companies handling customer data and doing business within the European Union, including us at EASI’R, the GDPR is an important topic these days. In this interview with EASI’R Co-founder Jakob Knudsen, we will shed some light on the GDPR in general, and also on EASI’R’s approach and commitment to ensuring compliance with it, both as a company and with our Automotive Sales and Relationship Acceleration Software.

Jakob, starting with the basics, could you briefly explain what the GDPR is?

Jakob: The GDPR—the General Data Protection Act—is a new data protection law in the European Union, and it is certainly considered to be the most crucial piece of EU data protection legislation in 20 years. It will become effective and enforceable on the 25th of May 2018. Essentially, the GDPR regulates the processing of personal data about individuals in the EU, including its collection, storage, transfer and use.

Because the GDPR is a real milestone within the EU, we at EASI’R are currently investing a lot of time and effort into guaranteeing compliance with the GDPR by the deadline in May 2018—just like all the other companies that are currently active within the EU. For us, as an Automotive Sales and Relationship Acceleration Software provider that handles a lot of data every day, GDPR compliance is a top priority.

And what is the actual idea behind or purpose of the GDPR?

Jakob: In short, this law is meant to give individuals control over their data and to grant them more rights regarding the information they provide online.

Speaking about EASI’R, how is EASI’R specifically preparing to ensure compliance with the GDPR?

Jakob: We have a detailed step-by-step action plan to ensure compliance with the GDPR. We have prepared a clearly-timed roadmap that has been set up in close cooperation with lawyers and external consultants—we provide an overview of our complete roadmap for achieving GDPR compliance on our website.

The GDPR is very important for us, since EASI’R provides a software solution designed to handle a huge amount of data, in order to accelerate sales and relationships in automotive retail. Since our customers entrust us with their data, we have always—long before the GDPR was tabled—strived to achieve the highest level of data security possible. Given this background, one crucial milestone for us was the ISO 27001 certification that we obtained in 2016, which was renewed in 2017. In addition, we store all our data within the EU, on servers in Germany, so we have already imposed very strict rules related to data. We really welcome the GDPR and consider it a crucial step in terms of unifying the rules within the EU.

What are the implications of the GDPR for EASI’R customers?

Jakob: The most important aspect is that our customers ensure that their Terms of Service or Privacy Policy clearly and correctly communicate to their users how they are employing EASI’R’s technology on their website or app. This requirement has always been part of EASI’R’s Terms, but the GDPR can heavily penalize those who are not properly fulfilling this requirement. We recommend our customers ensure that their policies are up to date and clear for their readers—this means using language that is understandable to everyone. The use of transparent language is part of the GDPR to ensure that users understand what they are giving consent to and how their data is processed.

But, as a final point, I want to make it clear that each situation, jurisdiction and customer is unique. I would always recommend a consultation with a lawyer to clarify all relevant implications with regard to any data processing software, including EASI’R’s.

INFO BOX: KEY CHANGES REGARDING GDPR

Expanded rights for individuals: The GDPR grants individuals in the EU expanded rights, e.g., the right to data deletion and the right to request a copy of any personal data stored by an organization.

Compliance obligations: The GDPR requires that companies/organizations implement appropriate policies and security protocols, keep detailed records on their data activities, conduct privacy impact assessments and make written agreements with vendors.  

Data breach notification & security: The GDPR demands that organizations report certain data breaches to data protection authorities, and under certain circumstances, also notify the affected individuals. 

Profiling and monitoring: The GDPR establishes new obligations for organizations engaged in profiling or monitoring the behavior of EU individuals. 

Stricter enforcement: The GDPR enables authorities to demand high fines in the case of breach, which can be more than 20 million Euros or 4% of a company’s annual global revenue, depending on how serious the breach is and the resulting damage.

If you have any questions regarding EASI’R and the GDPR, please don’t hesitate to contact us at gdpr@easir.com.