May 25th, 2018 marks an important date for RingCentral and our customers in Europe and around the globe, as the European Union will introduce the General Data Protection Regulation (GDPR), a landmark privacy regulation, highlighting the changes to its existing privacy guidelines.
The GDPR builds on the previous EU Data Protection Directive, which left the data protection landscape in Europe with a lack of consistency and a patchwork of national regulations. The GDPR will centralise data protection in the EU and will be governed by each nation’s regulatory body. With the weight of large fines behind it, the GDPR is making organisations think very seriously about privacy and how they process the personal data of individuals in the European Union (EU).
The GDPR not only applies to organisations and businesses within the EU but to anyone that processes EU data, giving the GDPR a global reach.
Those who don’t abide by its rules will face a penalty of as much as four percent of global revenue or a fine of €20 million, whichever is higher, not to mention the potential for class-action lawsuits!
This is an important development for us. As the global leader in cloud communications solutions, we believe the digital world can thrive when we connect people and data in an ethical and secure way, protecting the personal information of our customers.
The GDPR means more protection and transparency of personal data and less tolerance for unsecure and unethical use of data. Organisations must be more transparent with how they process and protect data, demonstrating not only compliance with the GDPR but how they comply. That means producing documented policies, audits, and training policies to show that an organisation is compliant.
Compliance will take a number of different strategies, but most of all, the GDPR requires companies to take a holistic approach to how they process personal data, with a focus on ethics and governance.
Key rights under the GDPR, which are provided to EU persons to give them more control over their own personal data, are as follows:
The most famous right is the right to be forgotten. More formally known as Article 17, the “Right to Erasure,” it provides the right to request that data be deleted. In other words, EU persons will now have the right to have personal data that might be held by companies deleted.
Another right is the right to access, under which EU persons have a right to know whether data is being held on them, for what purpose it is being used, and to request a copy of that data. This goes hand in hand with the right to be informed, which requires organisations to be completely transparent about how they use personal data.
Data portability means that citizens can actually get their personal data that’s being held by an organisation in a machine-readable format. They also have the right to give that information to another entity.
With the right of rectification, individuals will be entitled to have personal data corrected if it is inaccurate or incomplete.
In order to give our customers the utmost protection and privacy of their data, we have updated our privacy guidelines:
- Policies and standards: We have developed a process to identify the data lifecycle for more transparency, accuracy, accessibility, and security.
- International transfers:
  - RingCentral maintains a Privacy Shield certification, which allows valid transfer of data between the EU and the US.
  - We offer a Data Processing Addendum, which oversees the relationship between us and our customers, and that too has been updated to demonstrate our GDPR compliance.
- Third-party audits and certifications: RingCentral has obtained several certifications in order to demonstrate our commitment to protecting data. For example, RingCentral Office® is SSAE-16 SOC 2 certified. RingCentral Office also maintains HITRUST CSF certification, a rigorous certification to ensure protection of data.
To review more information about RingCentral privacy practices and handling of data, please see the Privacy Notice at https://www.ringcentral.com/legal/privacy-notice.html.