On May 25th, the EU General Data Protection Regulation (GDPR) will go into effect. All European Union countries, along with companies aboard who target EU residents, will be complied to adopt the same regulations for ensuring data privacy. As the Marketing Director at Valiantys, I am closely following this major reform which will significantly impact how we communicate with our customers and prospects.
The foundation of Valiantys rests on key values to which we hold fast; we believe in having open, honest communications with our clients and ensuring they have an awesome experience working with us. So even before the EU Parliament approved the GDPR in 2016, Valiantys was already committed to your data protection, notably by using tools that ensure security.
However, new questions arose with the impending implementation of the GDPR: What will be the impact on our database? How can we invite guests to our events? Can we still play our role as an educator in the Atlassian ecosystem? As we prepare to make our database legal in the eyes of these new regulations, we decided to be proactive rather than reactive.
Furthermore, we believe these regulations are a prime opportunity to renew our customers’ and prospects’ trust in Valiantys – and thus we welcome the challenge.
What does the GDPR really mean?
The General Data Protection Regulation takes into account new realities of the digital age and strives to empower a framework for data protection. The rights of individuals are strengthened to restore their confidence in their interactions with companies. Companies that collect, process and analyze personal data must take on new responsibilities at the organizational, technical and legal level. In particular, the previous declaration to the ICO is now being replaced by companies having the responsibility to keep a record of how they manage collected data.
How is personal data defined?
To gain a true understanding of the GDPR, we first have to defined the term “personal data.” According to the GDPR website, personal data is “Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person.”
Personal data can be anything from:
- An email address
- A professional telephone number
- A person’s job position
- The address where a person works
- Geolocation data (IP address, GPS data, etc.)
- Cookies on websites
- An identification number
- Anything that corresponds to a person’s physical, psychological or economical identity
Key points in the GDPR
Responsibility, consent and security are at the heart of this reform. Here are the key points from the Information Commissioner’s Office (ICO) to remember and respect – which Valiantys is in the process of fully implementing.
According to the ICO, “Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build customer trust and engagement, and enhance your reputation.”
Users need to be informed as to how their data will be used and should give a clear, positive opt-in response – or be able to oppose it if they choose. This concerns emails, cookies, communications made by call centers, invitations to events – in short, all the marketing levers.
Personal data breaches
The ICO states “The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.” Likewise, the individuals who were targeted need to be notified as well.
The right to data portability
The ICO defines this as allowing “individuals to obtain and reuse their personal data for their own purposes across different services.”
Right to erasure
This is also know commonly as “the right to be forgotten,” and is defined as enabling “an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.”
Data protection by design and default
“Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities.” As such, it is imperative that the tools and infrastructure used must be in compliance with GDPR regulations and allow users to remain in control of their privacy regarding what is shared with other users.
Valiantys’ approach to the GDPR
The GDPR evidently impacts the entire data lifecycle, challenging organizations to strengthen their governance, master business processes along with its supporting architecture. As Valiantys rises to the occasion, here are the steps we are taking to guarantee we fulfill our commitments:
Appointing a Data Protection Officer
This person is delegated to ensure the correct application of GDPR along with regular monitoring. He will be responsible for staying up to date on new obligations, advise Valiantys staff of those obligations, raise awareness of the GDPR with employees and be the direct representative to the ICO. We’re pleased to announce that Jérôme Anstrousse, the General Manager France, will take on this role on behalf of Valiantys.
Our information systems
We will continue to ensure that all of our digital tools (CRM, website, marketing tools, etc.) are in compliance with the GDPR, including domains such as data processing and storage for employees, subcontractors, customers and suppliers.
The concept of explicit consent will be applied to Valiantys’ website and emails. You will shortly have the option to determine which communications you want to receive by accessing your personal preference settings and selecting the email categories (events, the monthly newsletter, DevOps, etc.) which interest you.
We promise to protect data regarding both our internal employees but also prospective candidates. We will be required to trace the origins of where the data was collected from candidates and delete their data within a reasonable time frame.
All our employees will be educated on the GDPR so they are knowledgeable of the roles, key principles and processes. To avoid a data breach, we’ll also reinforce knowledge around hacking risks and basic security measures to implement (notably password management).
At Valiantys we’ve always taken data protection seriously, and we welcome the GDPR and look forward to fully implementing these regulations by May 2018. Our mission is more than commercial – we also strive to be educators and keep our community informed around new trends and best practices in the Atlassian ecosystem. As such, it is our fundamental belief that privacy of our customers and prospects should be respected; it is something we’ve done naturally since our naissance
How can I stay informed?
You may already be receiving communications from Valiantys, and in that case you may wonder how you can continue to stay informed regarding our updates.
To be certain you’ll continue to receive all or part of our communications, you will have to give us your clear consent. How? In a few weeks we will send you emails as part of the GDPR implementation process. These emails will aim to obtain your explicit consent regarding the reception of our emails. Once you have given us consent, you will be able to access a preference center where you can specify the content that interests you.
Below is the list of topics you can choose from. You can select as many options as you’d like:
- Newsletter: Our monthly newsletter for trends and best practices in the Atlassian ecosystem
- Valiantys Apps Newsletter: Our quarterly newsletter to keep you updated on nFeed, Exocet, Elements and Spreadsheet apps
- Events and Webinars: Receive invitations for Atlassian networking events and webinars to improve your professional knowledge
- Trainings: Keep track of courses, locations and dates for Atlassian training
- Valiantys Apps: Alerts for new releases
- Test Management
- Project Management
Please note that if we don’t receive any explicit consent on your part, you will not receive any communications from Valiantys starting from May 26th, 2018. For example, this includes important invitations to our community through webinars and events. We urge you to look out for this email (which will have GDPR in the subject line) to remain informed on Valiantys’ offers and Atlassian products.
If you have any questions on these regulations, you can send us an email.
Saving time and stay informed!
If you prefer not to wait, sign up to our newsletter now. You’ll continue to receive our communications, and you can change your preferences as soon as the preference settings become available.