In April of 2016, the European Union (EU) passed the General Data Protection Regulation (GDPR).
This policy, which will be enforced beginning on May 25, 2018, has garnered significant attention globally as new regulations are unprecedented in both their stringency and scope.
Because Yesware takes privacy concerns very seriously, we are committed to adhering to any and all compliance requirements within the time frame provided.
To help you better understand GDPR and how we’re preparing for it, we’ve outlined some of the key steps we’re taking below. We hope that it provides you valuable insight into our process for reaching compliance.
But before we share how we’re handling GDPR, here’s a quick primer on what GDPR is and why you should care about it.
What is GDPR?
Essentially it’s a set of rules and regulations that dictate what data a given company can store, how it can be stored, and how companies must respond in the case of a data breach and/or a request from an EU resident to have his or her data deleted.
Why should I care?
Because the scope of GDPR is so far-reaching, any company with a web presence may be impacted. And since the punishment for non-compliance is significant (€20 MM or 4% of global revenue, whichever is higher), it’s well worth your time to do your research.
How is Yesware preparing for GDPR?
In order to proactively prepare for the new GDPR landscape, Yesware has taken the following steps:
- Assigned the most senior members of our Operations, Marketing and Engineering teams (including our CTO) to spearhead our GDPR-compliance efforts.
- Partnered with a premier data-security consulting firm who has vast experience working with other Cloud-based software companies like Yesware to achieve data security best practices. These specialists will collaborate closely with our senior leadership and legal experts to guide our compliance efforts.
- Initiated a web-sweeping preliminary audit of any and all partners who are in any way involved in our data processing (“subprocessors”). We have begun the process of engaging each of these partners in order to ensure that each will be GDPR-compliant and has signed a robust Data Protection Agreement that reflects the stringency of the new GDPR policy.
- Established an internal team to identify potential product features or enhancements that may help to make it easier for you and your business to stay compliant within the new landscape.
- Begun developing a comprehensive set of best-practices that will enable us to promptly and reliably company with any EU member’s request for the erasure of data.
Although these are only a few of the most critical steps we’re taking, we hope this high-level overview illustrates the seriousness with which we treat GDPR compliance as well as our commitment to reach these goals.