On May 25th 2018 the General Data Protection Regulation (GDPR) will come into full force. Unless you’ve been hiding under a rock for the last few months you’ll know about it and, hopefully, be prepared for it.
The bottom line with GDPR is that it gives people more control over their privacy and that is a good thing. However, it’s a seismic shift for businesses, especially those of us who focus on digital services.
So over the last few weeks there has been a mad scramble from service providers to issue updated privacy policies and terms of service etc., to make sure that their products and services are still compliant with the updated data protection rules. You’ve probably been flooded with emails from companies, including ones you’d forgotten about, regarding updates to their privacy policies – I know I have!
So what has Blacknight been doing?
We’ve been working on our GDPR compliance internally for some time – you might have read some blog posts here where we’ve talked about some of the issues and challenges. We are ISO accredited, which has been very helpful both in giving us a head start on our compliance work and in giving us some of the frameworks for mapping and documenting everything.
A couple of months back I shared a draft matrix which mapped how we view our responsibility for data and how we think that responsibility should be split (or shared) between ourselves and our clients and vendors for some key products and services. We’ve made a few tweaks to it over the last couple of months and published an updated version here (PDF).
If you use our services for hosting anything from your personal website up to a big e-commerce project then the matrix helps outline who is responsible for what.
Bottom line is that we provide infrastructure on which people and companies build out content. We have responsibilities, but they’re often shared with our clients depending on which services the client is using.
Blacknight is an Irish company and we use Irish data centres to offer our hosting services. We also use several 3rd party companies to offer certain services and they either use servers in Ireland or in other parts of the European Union.
We’ve been registered with the Irish Data Protection Commissioner for several years.
Which documents have Blacknight published?
We have always felt that being transparent about what we were doing and why was the best way to go, so we have already published and shared several documents pertaining to our GDPR activities and those of companies we work with. Here’s what we’ve published so far:
We’ve been working with our suppliers to ensure that:
- they have compatible data protection policies
- we have access to their documented data protection policies
- any necessary changes will be in place by the May 25th deadline
So, for example, we use MailChimp for a lot of our email marketing, including sending updates from our blogs. MailChimp (aff) have published a comprehensive set of documents on how they’re dealing with GDPR and have updated their signup forms for subscribers to clearly show that we’re using them to handle those emails.
We will be publishing more information about GDPR and how it pertains to the products and services we offer in the coming weeks and months.
There’s a growing list of “legal” documents here.
What can you do if your questions haven’t been answered?
We realise that while many of our clients’ GDPR queries will have been addressed in the various documents and policies that we have published there will still be areas that are unclear. We get it. So if you have any outstanding questions about how Blacknight is handling GDPR you can contact us via email: firstname.lastname@example.org and we will try to respond to you within 2 working days.