GDPR is a hot topic for everyone at the moment, with us all receiving emails from companies requesting our consent or asking us to update our preferences. At this stage we wanted to take a moment to reach out to you all, to let you know how we are tackling GDPR and what it means to you.

The team have taken a lot of time to understand the full policies in their written form and to speak to industry experts and data experts. Below is our brief summary of what GDPR means to WeAreTheCity and you. Although this article is not exciting to some, we urge you to read it if you have 5 minutes.

What is GDPR?

“The General Data Protection Regulation (GDPR) is a regulation (binding legislation, not just a directive) by which the EU intends to strengthen and unify data protection for all individuals from the European Union (EU). It also addresses the export of personal data outside the EU.

It aims primarily to give control back to EU citizens and residents over their personal data and to simplify the regulatory environment for international business (any company that is gathering, processing or storing the personal data of EU citizens).”

GDPR also includes steep sanctions for any company that is not compliant with the GDPR regulation after May 25th, 2018, when the GDPR goes into effect.

Key Principles of GDPR

Here are the key principles you need to be aware of:

  1. Personal data collected needs to be processed in a fair, legal, and transparent way. It should not be used in any way that a person would not reasonably expect.
  2. Personal data should only be collected to fulfill a specific purpose and not further used in a manner that is incompatible with those purposes. Organizations must specify why they need the personal data when they collect it.
  3. Personal data held needs to be kept up to date and accurate. It should be held no longer than necessary to fulfill its purpose.
  4. EU citizens have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization without hindrance.
  5. All personal data needs to be kept safe and secure, and companies undertaking certain types of activities are now required to appoint a data protection officer.

What is WeAreTheCity doing about GDPR?

We know that personal information, privacy and GDPR are big deals, which is why we are focusing specifically on getting ourselves ready for the GDPR. We strongly believe this is a step in the right direction for our users.

Here’s how we’ve divided our time and resources:

  • Identifying Personal Data: We are currently in the process of mapping the different levels of personal data that is collected, stored, used, and disposed of.
  • Data Privacy Impact Assessment: Analyzing the risk to data that a system might pose. Systems that collect, transmit, process, or store personal data are validated to ensure processing is consistent with our privacy notices.
  • Data Portability, Update & Erasure: While the ability to change or delete your data was already in place through our support teams, we are looking at a more streamlined version that will allow for the automation of these tasks.
  • Consent: We are drawing up data processing agreements that will clearly define what data we need, for what purposes, and will require your explicit consent in order to process your data after May 25th.
  • EU-US data storage and Swiss-US Privacy Shield Certification: EU customers’ data may be transferred to and processed by our US entities as well (for example, we mainly house WeAreTheCity in the US). In accordance with the GDPR, we need to ensure that our US entity offers the same level of protection for EU data as guaranteed in the GDPR, even though it is subject to US jurisdiction. This has been confirmed and our server farm is held under the Privacy Shield Certification.
  • Enhancing Data Security: Data security has always been a critical issue for us. We are reviewing our policies to further enhance data privacy and data security measures.
  • Changes in the services and websites: If you are a returning and loyal member of WeAreTheCity, you will have noticed that we have changed the look and feel of the site. This echoes some of the hardened security and policies we have put in place to protect you, your data and security.
  • Being Visible & Achieving Transparency: Providing visibility and transparency on how collected personal data is used is of utmost importance. We identified different levels at which we are using personal data and are in the process of mapping and clarifying this information in order to achieve transparency and provide visibility to our users.

What does this mean for me?

Here’s what you need to be aware of:

Your Rights

  • Transparency: We are making it even easier to understand what is happening to your personal data.
  • Consent: Choose what data is collected about you (with the ability to change that choice).
  • Update and Erasure: Update or request deletion of your data.
  • Portability: Take your data elsewhere in a portable format.

Our Obligations

  • Due Care: Safeguard your data.
  • Minimization: Minimize the risk of your data being exposed.
  • Privacy By Design: Analyze the risk a system might pose to your data.
  • Notification: Communicate data breaches quickly.

What’s coming next?

What else can you expect to change in the coming months? Here’s what we have on our plan:

  • New Privacy Policy
  • Revised Terms and Conditions
  • Introduction of GDPR forms and requests
  • Email verification for existing subscribers
  • Changes to our data collection policy and online forms
  • Revised website policies for the entire WeAreTheCity Network
  • Changes to our premium membership program and data security

If you have any specific questions around our plans, intentions and policies, please do get in contact with us.

The WeAreTheCity Team