General Data Protection Regulation
Announcement Date: 05/07/2018
Overview
On May 25th, the EU General Data Protection Regulation (GDPR) will come into effect. These new regulations enforce new principles and guidelines for how companies and individuals can collect, use, and disclose personal data from EU residents.
We believe the GDPR represents a positive step forward in protecting individual privacy and establishes a new standard for obtaining clear consent when collecting personal data.
Legal Disclaimer
The following information is provided for general information purposes only and may not be relied upon as legal advice. You should talk to a qualified, licensed attorney before relying on any information in this announcement.
Who the New GDPR Rules Affect
The GDPR applies to any company that collects, retains, and/or otherwise processes personal data from residents in the European Economic Area (“EEA” or “EU”). That includes Merge Mobile Inc, the provider of FastField, and you as our customer.
Stated plainly, anyone or any organization who hosts a website that can have even a single EU visitor is impacted by this law. Therefore, any company that acts as a data Controller or data Processor of any EU residents’ personal data is subject to these new laws.
Our goal in this document is to avoid the typical legal jargon and state in plain English our approach to addressing GDPR as well as preparing you as a Collector of data.
Definition of Personal Data
GDPR has a broad definition for the term Personal Data. The law states that it generally encompasses all information about a specific person, including:
Or any other information that can lead to identifying a real person.
Definition of a Data Controller
A data Controller is a person or company that collects personal data and decides:
Merge Mobile is a data Controller of FastField users’ account data. This includes phone number, email, and physical address. Our customers are the data Controllers of information gathered through the forms they create and distribute using our system.
The data Controllers have the most responsibilities under GDPR, and must make sure that proper consent, where necessary, is obtained before collecting, storing or using personal data.
Data Processer Definition
A data Processor is a person or company that processes personal data on behalf of a data Controller.
Because we do not define or control the forms that our customer setup or dictate how they collect data using those forms, Merge Mobile is considered the data Processor of personal data collected via forms setup in our system. As Processors, we’re committed to supporting your GDPR compliance.
What We've Done to Get Ready for GDPR
We’ve been doing a lot of work behind the scenes to get ourselves ready for GDPR and to help our customers meet their new obligations under the GDPR.
The following list outlines the steps we've taken to prepare for GDRP:
What You Should Do to Prepare for GDPR
If you have created forms to collect personal data from EU residents, you have responsibilities as a data Controller. The following list outlines some important steps to take to ensure your compliance with GDRP:
Please be sure to review the full GDPR regulation to understand all the obligations that you may have as a data collector.
What's Next
On May 25th, we’ll be updating our Terms of Use and Privacy policy to include additional data processing terms which will include the following:
These new terms will come into effect on May 25th, so we encourage you to review the updated Terms and Privacy Notice(s) as they are updated in the next coming weeks, which will apply to you if you continue to use our products and services on and after May 25, 2018.