As of May 25th, 2018, the European Union’s new legislation regarding EU citizens’ Personal Data in the jurisdiction of the EU is coming into effect. Its name is GDPR and stands for General Data Protection Regulation.
Minsh takes privacy very seriously and I’d like to take a minute to explain what GDPR is about and how we abide by it. You may be interested in learning more about our processes in this Minsh Processes FAQ.
- Personal Data. Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. There is a wide range of information that fits into this definition, e.g., a person’s full name, phone number, email address, etc.
- Data Controller. The organization that decides of the purpose, conditions and means of the processing of Personal Data. In our case, each one of our clients is a Data Controller.
- Data Processor. The entity that processes the data on behalf of the Data Controller. In our case, Minsh.
GDPR stands for General Data Protection Regulation. It is a legal framework that provides guidelines as to how Personal Data of individuals in the jurisdiction of the European Union (EU) should be collected and stored. GDPR comes into effect on May 25, 2018. Its goal is really to strengthen the right to privacy of the EU citizens and to protect their Personal Data, whenever it is collected and stored.
GDPR applies to “Personal Data”, as defined earlier. In the case of Minsh Apps, it mostly applies to the data users provide when they sign up and/or complete their profile page on a Minsh App; although some other information provided in different places of the app (messages, events, comments, etc) may fit the description too.
GDPR applies to any organization that offers goods or services to, or that processes or stores Personal Data from EU data subjects, regardless of the organization’s location. In other words, wherever you are, if some of your users are EU citizens, GDPR applies to you.
While drafting your policy, keep in mind that your information should be succint and understandable. We make sure it is easy to access by making it available in your Minsh App’s sign up page and settings page.
Be aware that GDPR gives your users who are EU citizens the right to request to access, edit, or delete their Personal Data. It is important to provide them with the adequate support and comply with the GDPR requirements, should they approach you with such a request. If this happens, we suggest you take the following steps:
- Confirm the user’s identity
- Reply to them rapidly to inform them that you are processing their request
- Do not delay: a request to delete or edit Personal Data must be done within a week, but should never take more than 30 days, while a request to access Personal Data should be complied with within 30 days.
Please, contact us at firstname.lastname@example.org and we will promptly assist you.
Any further questions? Feel free to contact me at any time!