You’ve probably heard that from May 25th, people living in Europe will have an easier time understanding how their personal data is being handled by companies that ask for it. This is a summary of how Camayak is working to comply with the new regulations and a resource for people interested in their ramifications.
Within GDPR (General Data Protection Regulation), companies that acquire personal data relating to individuals are reminded that:
- They must process and store people’s data securely
- They must be transparent about who that data passes on to and why
- They must allow their customers to audit their fulfillment of their claims
The new GDPR directives also have the welcome effect of incentivizing companies to offer you the same transparency due to European residents; no matter where you live. For example: even if you don’t support individual privacy (we do), it’s quite simply more efficient for small and mid-sized web-based software services like Camayak to assume that GDPR applies to all our customers than to try and keep an unregulated relationship with customers that don’t live in the European Union.
But there’s more to complying with the new rules than giving your company’s terms and conditions a Spring clean. Helpfully there are much larger companies that operate in similar ways to Camayak which we’ve been able to learn from as they look to satisfy the new guidelines. Here are some of the highlights that we’ve appreciated so far:
- Zendesk keep a really clear list of the people (nicknamed ‘subprocessors’) that they work with who may also be handling personal data from Zendesk’s customers. We’ve created something similar.
- Google Ads invite customer audits and thoroughly demonstrate how they work to protect personal data from being breached.
- Slack introduced a profile deletion tool. While allowing users to request that their profiles be deleted, neither Slack nor Camayak offers its users the ability to delete content that they’ve created in quite the same way. This has been a hot button topic for some of our clients in the past, as individuals have requested that some of their past work – or even content where they are the subject matter – be redacted from the public domain. Camayak’s default position remains that such decisions are down to the organization owners/editors.
Joining many other companies, we’re updating our Privacy Policy and and Terms of Service to make our business goals and practices even more transparent, without collecting more personal data or changing the way we handle it. Here are some of the more substantial changes we’re making in order to adequately meet the expectations of the new legislation:
- Children. To use Camayak you must now be 16 or older.
- Your rights. We’ve made it clearer how you can exercise your data rights.
- Data deletion. We’re sympathetic to the appropriate reasons for someone wanting to have certain personal data completely removed from Camayak.
- Use of your data. We’ve made it even clearer what we do with personal data.
- Data monitoring. You can audit how we’re doing with your data and request it back from us.
- Data sharing. We’ve clarified whom we share your data with and why.
- Security reporting. If there’s a breach of your data, we’re going to tell you and the appropriate regulators about it right away.
For a thorough look at our new policies, check out our updated Terms of Service and Privacy Policy. As ever, you can write to us at privacy@camayak.com to object to any particular way in which we handle your data and we’ll address your concerns in the spirit these new protections are set up to encourage.
