What is the GDPR?

According to CSO, an online news source from IDG Communications, “GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.” This data includes basic identifiers like name, address, and ID numbers; web information, such as location, IP address, and cookie data; health, genetics, and biometrics data; racial, ethnic, and sexual orientation data; and even political views. As a result, this has launched businesses into action, enacting key changes to practices affecting personal privacy, controls and notifications, transparency of policies, information technology, and training.

Who does the GDPR affect?

Wait – this only applies to Europe, right? Wrong. And failure to comply could prove both dangerous and costly. According to Microsoft, “The GDPR imposes new rules on organizations that offer goods and services to the European Union (EU). It also applies to those that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.” More specifically, this includes:

  • Companies with a presence in an EU country
  • No EU presence, but using EU resident data
  • Over 250 employees
  • Under 250 employees, when the effect of its data-processing extends to sensitive personal information.

Or in other words, everyone.

A survey conducted by PricewaterhouseCoopers found that 92% of American companies pegged GDPR compliance as a “top data protection priority.” Chances are that the door will soon open to other regulatory standards of this kind.

How has LTi responded? 

The GDPR seeks to help the good guys do right by their customers. This also means protecting us from malicious cyberattacks by bad guys around the globe. This leads us to LTi’s proactive approach to compliance, from the latest FASB Lease Accounting Standards in February to the GDPR in May. We strive to deliver maximum transparency to our customers, further building loyalty and trust. Keeping this in mind, here are the eight core GDPR requirements affecting what we do at LTi. We have also provided the actions we’ve taken to ensure unwavering compliance.

GDPR Compliance:

International data transfers

LTi Compliance Solution:

To minimize international data transfers, we utilize our well-established hosting facility in the UK. This strategic response to business expansion across the pond falls in line with our efforts to reach GDPR compliance. We also maintain certification under the EU-US Privacy Shield Framework, and our data is encrypted at-rest and in-transit with AES-256.

GDPR Compliance:

Request consent to collect personal data

LTi Compliance Solution:

ASPIRE templates can be used to standardize best practices for privacy and consent documentation. Templates to obtain consent can be customized for web-based services at the time of collection. Additionally, LTi’s website features a checkbox for prospective customers interested in receiving marketing materials via email.

GDPR Compliance:

Retain personal data records

LTi Compliance Solution:

ASPIRE’s document repository allows company controllers to maintain records of past consent and privacy notices in a clear, organized manner. ASPIRE’s transactional database simplifies tracking and processing through standard inquiry at both the contract and account level. This establishes important guidelines and provides greater transparency throughout organizations moving forward.

GDPR Compliance:

Share personal data with individuals or controllers upon request

LTi Compliance Solution:

Users can create ad hoc reports to deliver the personal data of one or more individuals in the ASPIRE database. This is pending administrative approval, of course. This information can then be saved and exported in various formats – whatever best serves your needs.

GDPR Compliance:

Individual right to erasure

LTi Compliance Solution:

Our customers come first, and that includes their right to be forgotten. Upon request, LTi can mask personal data within the ASPIRE database. However, you should first consult your organization’s Data Protection Officer or a decision-maker of similar authority. You will want to ask about additional regulation for financial data or legal ground for processing.

GDPR Compliance:

Additional product and service security measures

LTi Compliance Solution:

In ASPIRE, system administrators maintain exclusive control over configuration of security profiles and access to personal data within the organization. Unless a user has permission, they will not have access to the pages, or the individual’s data will be concealed.

GDPR Compliance:

Data breach notification

LTi Compliance Solution:

Our Incident Response Policy is compliant with the GDPR’s 72-hour notification requirement for data breach reporting. Our support team audits our tracking database and written agreements. They may also review employee computers at random to ensure customer data is not being misused.

GDPR Compliance:

Lawful basis for processing personal data

LTi Compliance Solution:

Finally, LTi’s Privacy Policy thoroughly details the Privacy Shield principles we abide by with regard to visitor information. The information we gather through our company website is collected, maintained, and utilized under the GDPR rules. For example, when visitors request additional information, LTi extends the option to include personal contact information.

In Review

The GDPR is a European privacy law that goes into effect Friday, May 25th.

  • At face value, the GDPR sounds like a confusing, regulatory buzzkill created by big government. But after sorting through the technical jargon, that’s clearly not the case.
  • The GDPR has the best interest of the consumer’s individual security in mind. It will encourage better practices for handling personal data, including transparent communication in policies, reporting, information technology, and training.
  • The GDPR will help businesses do right by their customers, while also safeguarding against malicious hackers.

At LTi, we are steadfast in our commitment to the security, privacy, and peace of mind our customers experience. We believe in the GDPR’s emphasis on consent to personal data and transparency in how it is used. Going forward, this will undoubtedly pave the way for similar, progressive initiatives to make our world a better place online.
