As a nation, we were riveted as Facebook founder and CEO Mark Zuckerberg testified before Congress recently on how the company leverages information derived from the use of its social media platform. There has been blowback, as many people have purportedly ditched Facebook because they don’t trust that the company will safeguard personal information.
While in the U.S. we’ve got a hodgepodge of regulations focused on very specific buckets of personal data, the European Union has taken the broader-is-better approach and has been working towards a far-reaching set of new regulations. For those with an international footprint, these four letters have likely been on your mind for some time: GDPR. That stands for the General Data Protection Regulation, and enforcement of GDPR begins on May 25, governing the way businesses treat the data of people living in the EU.
The way Businessolver or any other benefits technology company uses data is vastly different from what Facebook does. The “experience” we’re delivering to members is related to their effective use of their benefits. We’re not trying to influence what they believe, who they vote for, or where they shop for shoes. This data has a very specific use and should only be shared with a closed loop of predetermined vendor-partners.
While Businessolver isn’t an EU business, and we don’t generally have EU employees on our system, we have been monitoring the impact of GDPR as an emerging standard. As a result, we have reviewed our systems and processes and are confident we have the systems and controls in place to comply with these regulations, and to help ensure our impacted customers are complying with GDPR.
If you have employees in the EU, you should discuss GDPR standards with your technology vendor as well as your internal IT and data security resources to ensure you are treating the data of EU citizens appropriately.
These are the processes and safeguards we use here at Businessolver, and we have shared this information with our client base to ensure they feel comfortable with our controls around GDPR compliance. If you need to discuss internally, feel free to share this list with your tech folks.
Even without EU employees, the imminent effective date of GDPR is the perfect opportunity for you to ask your benefits administration vendor for a similar run-down of how they are safeguarding your employees’ data. Better to be safe than face a data breach that could have been avoided with some ad hoc due diligence.