As a professional services business owner who provides IT services to organizations in Rhode Island, Massachusetts, and Connecticut, I never expected that I would spend 40-50 hours becoming intimately acquainted with a new law passed by the European Union. But that’s exactly what I have done since the rollout of the General Data Protection Regulation on May 25th, 2018.
I don’t have any European clients and very few of our clients actively transact with anyone residing in the European Union. However, since the implementation of GDPR and its effect on citizens of all European Union countries, there are many implications for my company and the companies we service.
As an overview, the law was enacted to protect the personally identifiable information (PII) of citizens from European countries. In order to meet these obligations, it may be prudent to use a cloud-based tokenization solution to pseudonymize data within your internal systems. By using such techniques offered by companies such as TokenEx, you can virtually eliminate the risk of data theft and retain much of the business utility of your data.
Any business that collects and stores this information is subject to a number of other requirements as well. These requirements include:
- Stating how information will be used in advance of collection
- Providing users an opportunity to opt-in and consent to have their information captured
- Purging the data when the business’s reason for collecting the data has expired (i.e., a warranty period)
- Sending users the information that has been collected about them upon request (they then have the right to send the information captured to any other company)
- Outlining a clear and effective process that users can follow to have their data erased, which can be tricky when it comes to data backup systems (i.e., if the data is erased from the current database, how does it get removed from any prior backup copies?)
- Notifying users in a timely manner in the event that your database is breached
As a general rule, you must protect the interests of your customers or prospects about whom you have identifiable information. If your website collects information about visitors and leaves cookies on visitor’s systems, you have to follow these requirements whenever any EU citizen visits your website.
Since the Facebook/Cambridge Analytica scandal, it is likely that the requirements for data privacy are going to become law on this side of the pond, as well. If you haven’t already started a dialogue with your IT support team, it may be a good time to start. While I think the chances of getting caught for non-compliance may be a long-shot, the fines can be astronomical.
Not sure where to start? Reach out to a NetCenergy representative, and we’d be happy to start a conversation about data protection and compliance.
Nick Eckman joined NetCenergy in 2016 from an international gaming company. Nick’s experience with supervising and implementing secure, fiber and copper wire infrastructure services provides our clients with a team of highly trained and experienced technicians. In addition to the skills required to manage our infrastructure services department, Nick brings a very experienced and focused approach to project management and is a stickler for accurate documentation for every project designed and built by his team.
Peter Lachapelle joined NetCenergy in 2015 and is responsible for leading all of NetCenergy’s operations and accounting functions. Each department within NetCenergy reports through Lachapelle. He brings his years of experience to maintain a pragmatic, efficient, client-focused team at NetCenergy. Lachapelle joined NetCenergy after completing a 27-year career with a Rhode Island, federally-charted bank which culminated in his senior management position as COO and CFO for the bank.
Peter Nelson has 25+ years of technology and management experience and has been with NetCenergy since inception. Peter serves as the VP of Engineering at NetCenergy. His role consists of managing the engineering staff, driving the companies technology strategy, and ensuring NetCenergy keeps up to date on new technologies and solutions.
As a Founding Partner, Dan is a result oriented individual who is always focusing on what is best for his client. He understands that business applications empower an organization and that technology must support those critical business applications. Dan’s technology career started in 1990 at EMC Corporation. Through the years, he has represented technology and consulting services for several organizations until 2003, when he and Don Nokes founded NetCenergy.
As President of NetCenergy, Don is responsible for ensuring client satisfaction, overseeing overall performance, and for providing direction to the organization. Prior to co-founding the firm with Dan Charland, Don held senior leadership positions with IT service firms ranging in size from $3 Billion to $10 Million in annual sales.
With decades of hands-on HR experience, Margery Ahearn is our Director of Human Resources, overseeing all hiring of new positions for NetCenergy with a careful eye on sourcing technology savvy engineers and skilled office-based professionals who fit our company culture, understand our commitment to our clients, and bring their time and talents to our team. Margery has both a BA and MBA in Business Administration from Southern New Hampshire University.