By now you’ve likely heard about GDPR. Or, at least, your inbox has been flooded by emails about updated privacy policies over the last several months.
We’ve been following these new regulatory requirements closely at 10,000ft, and we’ve already updated our policies to be GDPR-compliant.
Because we want to do everything we possibly can to take care of your data. And we believe companies can do a lot more to protect their customers’ information than simply keep up with the latest requirements.
For us, GDPR is only the beginning. But before we explain what we’re doing about it, what is the EU GDPR, anyway?
What’s the EU GDPR?
EU GDPR stands for the European Union General Data Privacy Regulation and it goes into effect on May 25th.
This new regulation is meant to protect citizens of the EU from having their data bought, sold, stolen, or disseminated by holding companies that process people’s data. The GDPR holds these companies to a higher standard of data security and privacy, and ensures that there are fail-safes and technology in place to protect citizens' privacy.
It was built to stop companies like Facebook and Google and other huge data processors from providing too much information to advertisers (like Cambridge Analytica). And if a major data breach, like Equifax, happens in the EU, there will already be recourse in place.
We won’t go into nitty-gritty details here. There are a lot of other resources and best practices available about GDPR compliance, if you want to dig in further.
Why Does GDPR Matter?
Some incredibly strong fines are attached to the GDPR for companies who don’t comply. The smallest fine is €10 million, or 2% of the company's worldwide annual revenue (whichever is higher), and it goes up from there.
This is quite an increase from previous financial penalties. To put it in perspective, Hilton Hotels was fined $700K last year for losing over 350,000 guests’ credit card numbers and other sensitive data to hackers. If GDPR had been in place, that fine would have been $420 million.
Non-compliance comes with a steep price tag, but if you need another reason, the new regulations aren’t a tall order. The amount of protection afforded to the average citizen far outweighs the amount of investment required by companies to comply.
We hope companies use the GDPR to open a dialogue about their current privacy and security policies. Though it’s a significant change for some, we believe all companies should approach these new regulations as yet another way to improve their customers’ experience.
How We Protect Your Privacy
Protecting your information and preserving your privacy is vitally important to all of us at 10,000ft.
Here are a few of the ways we protect your company data:
Our team has prepared for the May 25, 2018 deadline in the following ways:
- Working with global counsel to understand and apply current methods for transferring personal data outside of the EEA (European Economic Area).
- Investing in our security infrastructure, adding reliability and failover capabilities.
- Sharing options with customers who need to comply with data portability and data management requirements.
Read about our commitment to GDPR for more information.
Our Privacy Principles
- You own your data, always.
- Our hiring practices, training, and operations promote a “security-first” culture of responsibility.
- We implement technical controls and audits where possible to minimize human error managing your data.
- We aim to exceed industry security standards for technical standards, operational controls, and policies.
In this climate, with so much uncertainty around how our personal information is managed within the hundreds of thousands of apps we use every day, companies can no longer afford to prioritize advertising dollars over their customers’ privacy.
We’re proudly complying with the GDPR, but we won't stop there. We hold ourselves to a higher standard of integrity, and we're continuing to put in place systems and protections that we want to see deployed within every SaaS company in the world.
We truly care about our customers. It’s not just marketing speak.
We want to help you run your business better. And if you choose to use 10,000ft, we'll do all we can to keep your information safe.
If you have any questions about our security and privacy policies, email us at firstname.lastname@example.org.