What is GDPR?
In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and replaces the existing legal framework (the Data Protection Directive and the various member state laws). It will come into effect on 25 May 2018.
It imposes strict controls on how all organisations collect and process personal data within the EU and/or the personal data of EU citizens.
What is GDPR for?
The primary purpose of GDPR is to protect the rights of people whose data is being processed, these are known as the data subjects.
Who has to comply with GDPR?
Any individual or organisation that determines the purposes and means of processing personal data of EU citizens, as well as the organisations that carry out this processing have to comply with GDPR.
Under the terms of the GDPR the individuals or organisations that determine what happens to this personal data are referred to as data controllers. When a data controller sends information about a data subject to a third party for any kind of processing then that third party is known as a data processor.
For example: If a prospect or customer (data subject) asks you to email them a quote and provides you with their email address (personal data), the process of you sending that email will involve you sharing this personal data with your e-mail provider (data processor).
It is your obligation as data controller to take the necessary steps to ensure that any data processors you send personal data of EU data subjects to are compliant with GDPR.
What does GDPR have to do with conference calls?
When you invite somebody to join your conference call and they agree, they are consenting for you to use some of their personal data (name, email address, phone number etc) for the purposes of facilitating that conference call and therefore become a data subject.
Under GDPR it is your obligation as data controller to ensure that when you pass this data to your conference call provider (data processor) to host the call, that the personal data of this data subject is used only for this legitimate purpose, is accurate and up to date, is retained only as long as necessary and is processed in an appropriate manner to maintain security.
What has Meetupcall done about GDPR?
At Meetupcall we take GDPR seriously and are committed to being fully compliant and helping our customers to be compliant. Here are some of the steps we've taken:
Carried out a GDPR audit
We conducted a comprehensive GDPR audit and gap analysis and adjusted systems, policies and procedures to ensure company-wide compliance with GDPR. Including reviewing arrangements with third-party vendors to ensure they are fully GDPR compliant and meet our own strict requirements for data and security.
Training and awareness
We’ve delivered GDPR-focused training across key areas of the business, so that everyone in the business fully understands how the GDPR impacts their own day-to-day functions.
Our product and security teams have made the necessary changes and improvements to our product in order to ensure it is fully GDPR compliant, including developing systems to meet some key data subject rights, such as access requests and the right to request data deletion.
Data processing addendum (DPA)
How can Meetupcall help you comply with GDPR?
By signing up to Meetupcall you enter into an agreement which gives us a legitimate basis to process your data, inline with GDPR requirements. In order to use Meetupcall services it is necessary for us to process some of your data.
As a customer we will act as a data processor for you and we are committed to ensuring you are able to meet your own obligations as a data controller, including:
- Keeping data secure
- Responding to data requests
- Providing copies of data subject's data
- Deleting a data subjects data
We are working with our customers to answer any questions and address any concerns regarding how we protect their personal data. If you have any questions, please don't hesitate to contact us at firstname.lastname@example.org.