This is not legal advice. We urge you to consult your own legal counsel to familiarise yourself with the requirements that govern your own specific situation.
You’ve probably heard about the EU’s new regulation, the General Data Protection Regulation (GDPR), a comprehensive data protection law designed to strengthen and unify data protection for individuals within the EU. It essentially gives EU residents and citizens more control of their personal data.
Any business, regardless of size, that is based in the EU or processes personal data of EU residents and citizens is impacted by this regulation.
If you own an EU business, there are several key changes under the GDPR that will impact you:
- There is an expanded definition of “personal data.” Personal data is any information related to a natural person that could be used to directly or indirectly identify that person, for example a name, email address, telephone number or computer IP address.
What this means for you: Make sure you and your staff are aware of and fully trained on the type of information you are collecting and how to handle personal data.
- There is an increased emphasis on individual rights. GDPR gives your clients greater control over their personal data, including the rights to access, correction, portability, and erasure.
What this means for you: You should have a defined process and be prepared to respond to and honour the requests of your clients regarding their personal data.
- There are new breach notification requirements. The GDPR requires you to report certain personal data breaches to the relevant authority and inform individuals as necessary.
What this means for you: Make sure you have clearly defined plans in place in the event of a data breach and that your staff is aware of and fully trained on your process.
Here’s what MINDBODY is doing to support our EU customers as they prepare for the GDPR
Keeping your data secure and readily accessible are our greatest priorities. At MINDBODY, we’re working hard to ensure that our tools and processes support you as you prepare for the GDPR.
As a customer (‘data controller’ under GDPR terminology), you are responsible for ensuring compliance with the key requirements of the GDPR. MINDBODY will provide you with assistance in meeting those requirements where possible and appropriate, such as:
- Tools and processes to assist our EU customers in honouring individuals’ requests, including requests for deletion, data portability, access and rectification. These processes will be even easier after new functionality is released in May.
- A new preference centre, launching in May, that will make it easier for your clients to opt in and out of communications sent through the MINDBODY software (except for those types of communications that are operationally necessary, such as purchase receipts, forget password notifications, etc.).
Visit our GDPR Support Area for more specific details and answers to many of the questions you may have regarding GDPR readiness.