The GDPR is coming and InitLive is ready.
InitLive is committed to providing the best staff and volunteer management system for events. We also take your needs for data privacy and security seriously. As of May 25, 2018, all organizations working with the data of EU citizens will need to be GDPR (General Data Protection Regulation) compliant. We’re here to help our customers in their efforts to comply with the GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. It applies if you offer products or services in Europe, process Personal Data from Europe or monitor the behaviour of people in Europe. It also addresses the export of Personal Data outside the EU and gives control of that data to citizens and residents. It simplifies the regulatory environment for international business by unifying the regulation within the EU.
When are these regulations starting to be enforced?
All companies collecting and/or processing the personal data of EU individuals must be GDPR compliant by May 25, 2018.
Does the GDPR prevent a company from storing data outside of the EU?
The GDPR does not prevent businesses from storing data outside of the EU, provided that the data processors adhere to the necessary regulations and protections. InitLive stores data with Amazon Web Services (AWS) in one of their US-based facilities. We have signed the AWS GDPR-compliant Data Processing Addendum (DPA), enabling InitLive to comply with GDPR contractual obligations. More info on AWS and GDPR can be found here.
How is InitLive preparing for GDPR?
We have gone through the regulations and have made modifications accordingly. Some of the tasks InitLive has done include:
- Limiting the amount of data we store for users.
- Adding the management of Consent for users.
- Restricting who can see user data; we will also be encrypting any sensitive data.
- Users can now request to have their personal data deleted.
- Implemented strong passwords for user accounts, and we will be adding session timeouts.
Why can I no longer require certain InitLive form questions?
According to Article 5 of the GDPR, businesses are no longer permitted to require sensitive data or more personal information than necessary in relation to the purposes for which this information is processed ("data minimization"). While this means that some of InitLive's pre-made form questions will no longer have the option to be required (i.e. Biography, Date of Birth, Gender, T-Shirt Size), event managers can still create required custom questions to ask what is necessary to run their event.
Where can I learn more about GDPR?
Additional information is available on the official GDPR website of the European Union.
There are also some sites which have event-specific info on GDPR:
I have more questions. Who should I contact?
If you have any additional questions about the GDPR, you are welcome to contact us at firstname.lastname@example.org