Last updated: May 25, 2018
The EU General Data Protection Regulation (GDPR) sets a new standard for how companies and organizations use and protect EU citizens’ data, and it takes effect on May 25, 2018.
We are certified for International Data Transfers:
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
To comply with EU data protection laws around international data transfer, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield frameworks.
What is the GDPR?
The GDPR is the new European privacy law that replaces the EU Data Protection Directive. The law requires that businesses protect the privacy and personal data of EU citizens and transactions that occur within EU member states.
What is "personal data"?
Personal data is any data that relates to an identified or identifiable natural person. Examples of personal data include identifiers such as name, location data, and unique online identifiers.
How has ezTalks been preparing for the GDPR?
The General Data Protection Regulation (GDPR) will become enforceable in the European Union in May 2018. At that time, ezTalks will be fully compliant with this regulation. Our privacy team is currently working with our EU and global customers to help them prepare for using ezTalks after the GDPR becomes effective. We are also reviewing our entire product suite and business practices to ensure we fully support our customers with GDPR compliance.
How can ezTalks customers prepare for the GDPR?
Know where your customers are geographically located: The GDPR applies to EU citizens and transactions that occur within EU member states. Therefore, to ensure that you are compliant with these regulations, you must be able to determine where your customers are located.
Ensure that appropriate consent is obtained: The GDPR favors the use of opt-in consent mechanisms (explicit consent), e.g. an unselected checkbox, over opt-out consent mechanisms (implied consent), e.g. a pre-selected checkbox. Additionally, data subjects (your customers) should be able to withdraw their consent as easily as it was given and have their personal data erased.
Develop data breach response plans when personal data is involved: Organizations should have a clear, defined plan if personal data is breached. The GDPR requires that notice must be provided without undue delay and, where feasible, not later than 72 hours after having become aware of it. ezTalks will notify affected customers without undue delay if we become aware of a data breach of our services.
Hire a Data Protection Officer ("DPO"): The GDPR makes the appointment of a DPO mandatory when the activities of the data controller involve "regular and systematic monitoring of data subjects on a large scale" or where the entity conducts large-scale processing of "special categories of personal data" (such as those revealing racial or ethnic origin, political opinions, or religious or philosophical beliefs). The DPO should have expert knowledge of data protection (privacy) law and practices.
Does ezTalks currently provide any product features to assist customers with their GDPR compliance program?
ezTalks customers can delete information by several mechanisms:
- Account administrators can delete users from the account
- Cloud recordings can be managed (password protected) and deleted
- The host can delete upcoming or previous meetings
- Terminated accounts are only retained for 30 days to assist with product reactivation, if desired. After 30 days have passed, the account is permanently deleted