What is GDPR?
In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR) that will be effective on May 25, 2018.
GDPR dictates requirements on how companies should use indviduals' data that they process. It also imposes greater fines in case of breach.
The new law applies to all the organizations that process personal data of EU residents, even if you're outside EU. These regulations apply to both data controllers and data processors.
In case of non-compliance with GDPR, organizations will face fines of up to €20 million or 4% of annual global turnover.
There is no distinction between B2B and B2C regarding GDPR. Even the past regulations about email opt-out/opt-in are going to align with the GDPR.
What is personal data?
"Personal data" means information about an individual that:
- Can be used to identify, contact or locate a specific individual
- Can be combined with other information that is linked to a specific individual to identify, contact or locate a specific individual (e.g a user ID)
- Is defined as "personal data" or "personal information" by applicable laws or regulations.
Personal data includes contact information (names, addresses, phone numbers), online information (Member profiles, login information, IP addresses), government identification (tax ID, passport), and other data which can be used individually or in combination with other data to identify a person.
Are considered sensitive, personal data that are:
- Sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms.
- Ethnic origins or race (1)
- Biometric data
(1) Those personal data should include personal data revealing racial or ethnic origin, whereby the use of the term ‘racial origin’ in this Regulation does not imply an acceptance by the Union of theories which attempt to determine the existence of separate human races.
What is Livestorm doing to be compliant?
Data Protection Officer
We have named a data protection officer that will be the gate-keeper for all data processing activities. The DPO will be in charge of training and consulting teams to maintain a compliant privacy level. The DPO will also be in charge of reporting any non-compliant activities.
Finally, the DPO can be contacted at privacy@livestorm if you have any privacy concerns, questions, or wish to update/create/delete your personal data.
You can already reach out to Livestorm if you wish to update/create/delete your personal data. Feel free to contact our DPO at email@example.com.
Note that you can already change most of your user personal data from your Livestorm account.
You are able to manage your personal data as a user of Livestorm and your attendees will also be able to manage their own.
Security & Breaches
Our team is actively working on enforcing our security standards to be GDPR compliant. Here's what we already do:
- Personal data encryption
- Database backups
- Database encryption
- HTTPS connections
- Databases in EU
- 2FA authentification and roles to access your personal data
- Computer encryption
- Systematic 8+ characters passwords
- Security trainings
- Privacy & security by design
- 24/7 emergency response
Livestorm is using several vendors that process your personal data. You can request our vendors inventory to our DPO to learn more about what vendors are used, what kind of data is collected. All of our vendors are GDPR compliant and we have signed a Data Protection Agreement with them.
What you should do as a webinar host
As a webinar host, you also have obligations regarding the data you collect via your live events.
This is what you should do from now on:
- Only request minimum data possible (data minimisation) in your registration forms. Only ask what you will use.
- Don't use the webinar invites feature for contacts that have not actively opt-in for your marketing emails.
- Make sure the integrations you are using are GDPR compliant before sending personal data from your webinars.
- Make sure that the nature of the data you ask is compliant with EU regulations.