The EU has introduced important new data privacy legislation called the General Data Protection Regulation (GDPR) that will go into effect on May 25th. This new sweeping regulation, introduced to strengthen the privacy rights of EU citizens, represents important new data protection guidelines that all organizations working on the internet should be aware of. GDPR is meant to protect personal data and govern how organizations process, store and destroy this data. It applies to anyone collecting data on EU citizens (even inadvertently) and threatens steep financial penalties for non-compliance.
Since the new legislation was announced, we’ve had a lot of questions from our users on what this means and if the Ona data service would be compliant. At Ona, the security and privacy of our users and the data they collect have always been our top priority, and we are fully committed to complying with GDPR. For the past few months, our team has been working diligently to plan for GDPR and ensure our product offerings and terms of service will be compliant with these new regulations.
Over the next two weeks, we will share more formal announcements regarding use of Ona under GDPR. Until then, here is an update of what our preparations for GDPR look like.
- In the next few weeks, we will be updating our terms of service to help ensure our users understand what the new GDPR requirements mean for them. This will include requiring any organisation or individual that collects personally identifiable data (PII) on EU citizens to sign a Data Processing Agreement. This document will outline the requirements that the organisation or individual will need to adhere to so that they use Ona in a GDPR-compliant manner.
- Before May 25th, we will introduce important technical product changes to allow us to better meet the compliance requirements for GDPR.
- We will continue to invest heavily in our security infrastructure. At Ona, we have established a dedicated Site Reliability Team that is responsible for ensuring that our products and services employ the best practices in security and privacy. This includes the heavy use of encryption throughout our systems. We will continue to invest heavily in our infrastructure to ensure that our users have a seamless experience, and their data is protected.
- We will continue to actively monitor the emerging guidance around GDPR compliance and will adjust our policies, processes and tools accordingly if changes are required. We will continue to communicate these changes and endeavor to explain to our users their responsibilities under these changes.
We will communicate more on GDPR and what it means in the days to come. We just wanted to share our commitment to this important process.