❓What is GDPR?
GDPR, short for General Data Protection Regulation, is a privacy regulation enacted by the European Union (EU) in April of 2016, designed to safeguard the privacy and control of personal data in the digital realm. It grants citizens of EU member countries more control over their digital footprint, fostering trust in online businesses and thereby promoting growth in the digital economy.
At ZELIQ, we understand the importance of GDPR compliance and its impact on businesses. The regulation took effect on May 25, 2018, and failure to comply can result in significant financial penalties, with potential fines reaching up to 4% of the global annual turnover or 20 million euros, whichever is higher.
👉🏼 Why is GDPR important for ZELIQ?
GDPR is of utmost importance to ZELIQ, and it likely affects our company in some capacity. Whether we operate in the EU, sell to EU citizens, or monitor the actions of EU citizens, we must adhere to GDPR guidelines to maintain trust with our customers.
To help you navigate GDPR's key terms, here's a glossary:
Consent: Before contacting individuals in the EU, explicit permission must be obtained, especially if the contact information was obtained through a third party.
Cross-Border Data Transfer: The act of sending data and personal information outside the EU/EAA borders.
Data Subject: A natural person and EU citizen whose information has been collected and can be identified by a data controller.
Data Controller: Organizations that manage or collect personal data, including ZELIQ and our customers.
Data Portability: The right of a data subject to obtain their personal data from the data controller in a machine-readable format.
Data Processor: A party instructed by the data controller on how to handle and use personal data—ZELIQ acts as a data processor too.
Data Subject Rights: GDPR introduces new rights for data subjects, including the right to be forgotten, the right to data portability, and the right to object to profiling.
GDPR Articles: The GDPR is divided into sections, including the Articles, which contain the text of the legislation and the Privacy Management Activities (PMAs) required for compliance.
Personal Data: Personal data typically collected by ZELIQ includes name, company address, phone number, email address, and IP address.
Privacy by Design and Default: Companies must prioritize data privacy throughout the design process and build default privacy controls into new features.
📍 Impact of GDPR on Sales Teams:
ZELIQ's sales teams understand the importance of consent required from individuals for collecting and processing personal data. Under GDPR, marketers must have a legal basis for data processing, which can include consent or a legitimate interest not outweighed by individuals' rights and freedoms. B2B marketing, when executed thoughtfully, can be protected as a legitimate interest.
To ensure GDPR compliance, ZELIQ maintains a comprehensive approach:
Data Processing Addendum: Our Privacy Policy and Terms of Service include a Data Processing Addendum, granting users control over their data and the right to access or remove it from our system.
Strong Data Security Measures: ZELIQ has achieved SOC 2 and ISO 27001 security accreditations, demonstrating our commitment to data security, availability, and confidentiality.
Advanced Data Controls: We employ encryption to protect customer data and maintain industry-leading information security standards.
Data Incident Response: ZELIQ has well-defined data incident response processes, regularly tested for effectiveness.
Data Recovery and Integrity: Processes are in place to aid customers in recovering lost or corrupted data.
Data Sub-Processors: We work with key data sub-processors like Amazon Web Services and Google Cloud Platform, which also meet high-level security standards.
As both a data controller and data processor, ZELIQ takes GDPR seriously to ensure the privacy and security of our customers' data while maintaining compliance with the regulation.