The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy. It will take effect from May 2018.
At Mobilize, we’ve been working hard to prepare for GDPR, to ensure that we fulfil its obligations and maintain our transparency about community interactions and group communication and how we use data.
Does the GDPR affect everyone?
If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
How is Mobilize preparing for GDPR?
Our team has been working hard on preparing the roadmap for the GDPR release. This is a massive overhaul of processes and data models to make sure we’re meeting our legal obligations, and doing the best we can to protect our customers while still allowing us to move fast, scale and develop great features.
How we are ensuring that we and our customers are up to meeting the GDPR obligations:
We’ve built new features
Our teams are building the necessary features that will enable our customers to easily meet their GDPR obligations.
Mobilize can help you meet your data portability requirements for GDPR: you can easily export all of your data linked to an individual and permanently delete all data linked to an individual member.
We've also added some more features to allow you and your members to have more control over your data:
- Getting member consent
- Deleting a member
- Deleting content like posts and chats
- Leaving a community
- Closing my Mobilize account
We’ve created a Data Processing Agreement (DPA):
Strong data protection commitments are a key part of GDPR’s requirements. Our data processing agreement shares our privacy commitments and sets out the terms for Mobilize and our customers to meet the GDPR requirements. You can download the DPA here or you can find it in the GDPR section of our Help Center.
We will be certified for International Data Transfers:
The EU-US Privacy Shield is a framework negotiated and agreed upon by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
To comply with EU data protection laws around international data transfer, we self-certified under the E.U.-U.S. Privacy Shield framework.
We’re coordinating with our vendors
We’re reviewing all our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.
We’ll keep sharing information on our progress, and we’ll also help our customers and prospective customers be compliant. Some steps you can take are:
- Get familiar with the GDPR requirements and how they affect your community.
- Map out everywhere you process data, such as listservs and Excel databases.
- Look at your community roadmap and think about privacy when you’re planning.
- Chat to your lawyer about what your community needs to do.
Feel free to reach out to us if you have any questions about GDPR.