The General Data Protection Regulation (GDPR), the EU’s new privacy law that replaces the Data Protection Directive 95/46/EC, aims to bring order to a patchwork of privacy rules across the EU. GDPR will be enforceable as law in all EU member states on May 25, 2018. If you would like to read the GDPR, please find it in our documents below [1].
The GDPR was created around six core principles (Article 5) for personal data and the belief that personal data should be:
1. Lawfulness, Fairness, and Transparency – Processed lawfully, fairly and in a transparent manner in relation to individuals.
2. Purpose Limitation – Collected for specified, explicit and legitimate purposes and not processed beyond those purposes.
3. Data Minimization – Adequate, relevant and limited to what’s necessary in relation to the purposes for which they are processed.
4. Accuracy – Accurate and, where necessary, kept up to date.
5. Storage Limitation – Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
6. Integrity and Confidentiality – Processed in a manner that ensures appropriate security of the personal data.
The GDPR contains several new protections and threatens significant penalties for non-compliance. In addition, there are new security, recordkeeping, access rights, and notification procedures that companies must implement to ensure compliance. Issues that are attracting particular attention include increased administrative requirements, and the need to provide the tools necessary to meet the numerous obligations on both controllers and processors.
GDPR and FluentStream
FluentStream takes its legal and regulatory obligations seriously. Moreover, we take data privacy and security very seriously. We are constantly working to ensure we collect and process the data we deal with in a lawful, transparent manner. We have never shared and will not share any of your personal data with third parties.
To that end, we wanted to share with our community some information about FluentStream’s practices and procedures related to data collection and GDPR compliance.
Security: FluentStream’s platform is packed with enterprise security features that make us the trusted platform for hundreds of companies, ranging from start-ups to publicly traded companies. FluentStream has implemented appropriate technical and organizational measures to satisfy the requirements of the GDPR, to ensure the level of security of personal data is appropriate to the level of risk, and to help ensure the protection of the rights of individuals.
These include but are not limited to the following:
- Use of industry encryption on data in transit wherever possible.
- Application-specific firewalls and no presumption of trust between endpoint nodes within our network.
- Active monitoring of security incidents and events.
- Logging and attestation for actions taken within our system.
GDPR Contract Update: Both FluentStream and its customers are jointly and separately responsible for certain actions under the GDPR. Therefore, the GDPR requires shared responsibility to protect an individual’s privacy rights. GDPR Article 28 requires that a contract is in place between a controller and a processor. For years, FluentStream’s Terms of Service have provided the fundamental legal requirements and obligations regarding data ownership, confidentiality, processing responsibilities, and more.
However, customers of FluentStream who wish to update their agreement with FluentStream with any GDPR-specific language should email FluentStream at legal@fluentstream.com.
[1] – http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN