For all companies handling customer data and doing business within the European Union, including us at EASI’R, the GDPR is an important topic these days. In this interview with EASI’R Co-founder Jakob Knudsen, we will shed some light on the GDPR in general, and also on EASI’R’s approach and commitment to ensuring compliance to it—both as a company, as well as with our Automotive Sales and Relationship Acceleration Software.
Jakob, starting with the basics, could you briefly explain what the GDPR is?
Jakob: The GDPR—the General Data Protection Act—is a new data protection law in the European Union, and it is certainly considered to be the most crucial piece of EU data protection legislation in 20 years. It will become effective and enforceable on the 25th of May 2018. Essentially, the GDPR regulates the processing of personal data about individuals in the EU, including its collection, storage, transfer and use.
Because the GDPR is a real milestone within the EU, we at EASI’R are currently investing a lot of time and effort into guaranteeing compliance with the GDPR by the deadline in May 2018—just like all the other companies that are currently active within the EU. For us, as an Automotive Sales and Relationship Acceleration Software provider that handles a lot of data every day, GDPR compliance is a top priority.
And what is the actual idea behind or purpose of the GDPR?
Jakob: In short, this law is meant to give individuals control over their data and to grant them more rights regarding the information they provide online.
Speaking about EASI’R, how is EASI’R specifically preparing to ensure compliance with the GDPR?
Jakob: We have a detailed step-by-step action plan to ensure compliance with the GDPR. We have prepared a clearly-timed roadmap that has been set up in close cooperation with lawyers and external consultants—we provide an overview of our complete roadmap for achieving GDPR compliance on our website.
The GDPR is very important for us, since EASI’R provides a software solution designed to handle a huge amount of data, in order to accelerate sales and relationships in automotive retail. Since our customers entrust us with their data, we have always—long before the GDPR was tabled—strived to achieve the highest level of data security possible. Given this background, one crucial milestone for us was the ISO 27001 certification that we obtained in 2016, which was renewed in 2017. In addition, we store all our data within the EU, on servers in Germany, so we have already imposed very strict rules related to data. We really welcome the GDPR and consider it a crucial step in terms of unifying the rules within the EU.
What are the implications of the GDPR for EASI’R customers?
But, as a final point, I want to make it clear that each situation, jurisdiction and customer is unique. I would always recommend a consultation with a lawyer to clarify all relevant implications with regard to any data processing software, including EASI’R’s.
INFO BOX: KEY CHANGES REGARDING GDPR Expanded rights for individuals: The GDPR grants individuals in the EU expanded rights, e.g., the right to data deletion and the right to request a copy of any personal data stored by an organization. Compliance obligations: The GDPR requires that companies/organizations implement appropriate policies and security protocols, keep detailed records on their data activities, conduct privacy impact assessments and make written agreements with vendors. Data breach notification & security: The GDPR demands that organizations report certain data breaches to data protection authorities, and under certain circumstances, also notify the affected individuals. Profiling and monitoring: The GDPR establishes new obligations for organizations engaged in profiling or monitoring the behavior of EU individuals. Stricter enforcement: The GDPR enables authorities to demand high fines in the case of breach, which can be more than 20 million Euros or 4% of a company’s annual global revenue, depending on how serious the breach is and the resulting damage.
If you have any questions regarding EASI’R and the GDPR, please don’t hesitate to contact us at email@example.com.