Dear Customers and Partners:
Besides working on achieving and maintaining our compliance with the European Union’s (“EU”) General Data Privacy Regulation (“GDPR”), we wanted to take this opportunity to let you know we are actively engaged in assisting our Customers to meet compliance now with the GDPR. Waiting until May 25, 2018 is too late. You are already collecting data for marketing, meetings and events that occur after the GDPR deadline.
Lenos Software embraces the GDPR as an opportunity to deepen our commitment to data protection. Compliance with the GDPR is a partnership with our Customers. We have made enhancements to our Platform and will be reaching out to Customers to amend our licensing agreements to support our mutual compliance with the GDPR.
Privacy issues have been at the forefront of my 25+ year career with the Office of the Comptroller of the Currency (regulating national banks), as a Partner in a global law firm (representing banks, financial services firms, health care and insurance companies/organizations in compliance and regulatory matters) and now as a technologist, Co-Founder and CEO. Lenos Software, trusted by leading brands since 1999, was founded on Privacy by Design principles. Privacy is personally very important to me, as well as my colleagues at Lenos Software.
In summary, the GDPR provides EU citizens specific privacy rights regarding the collection, storage, transfer and use of their personally identifiable information. The GDPR also provides standards of care and duties and responsibilities for data controllers (which includes many of our Customers) and data processors (which includes many of our other Customers and Lenos Software). Requirements of the GDPR are extraterritorial in reach and affect all companies, regardless of their location. Many EU citizens are citizens of other countries, as most EU countries provide for dual citizenship, or they are authorized to work in other countries.
Non-compliance with the GDPR will result in significant fines and penalties of … “[u]p to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher” … for data controllers and data processors. In general, penalties and fines are not insurable, as that is contrary to public policy.
The GDPR requires the posting of conspicuous and “plain language” privacy policies before an individual’s information is collected to ensure that informed and affirmative consent is given for the collection of their data and how their data is stored, transferred and used, whether in a personal or business setting. Tracking of individuals by using cookies or other mechanisms is also prohibited by the GDPR unless affirmative and informed consent is provided.
Since 1999, Lenos Software’s solutions are developed by “Privacy by Design” principles. What does this mean?
We have always required that customers post their Privacy Policies and Terms of Services to collect data.
We have never re-targeted or re-marketed individuals that access or register on a website (that is, we have never followed an individual across the Web to display advertising).
After data is collected from a registrant, they have the right to withdraw their consent, at any time, which will require the deletion/erasure of their personally identifiable information. If data is collected before May 25, 2018, and used after that date, GDPR would apply to the access and management of that data, which in some cases may require obtaining of an affirmative and informed consent.
The simple answer is NO. Why? Trust is paramount to all data collection and trust is an asset. The best approach is to adapt all data collection processes to match the GDPR requirements, as it will mean that your organization is more likely to comply with all privacy requirements and ensure that the data collected is of the highest quality. This approach establishes you and your organization as a leader in ensuring the privacy of your customers, employees and partners as you recognize and respect the privacy of all individuals. As trust is the “new currency” and your organization’s brand is paramount, protect and promote brand equity by adopting privacy standards that engender trust in your audience. Nothing is more important than trust.
Lenos Software has released a GDPR Consent and Data Management Module to assist Customers to manage their GDPR compliance and provide an audit trail, a history of actions taken. This module enables Customers to automatically:
Track and retain Privacy Policies, as well as ensuring their integrity
Require an affirmative Consent from an individual before their data is collected
Enable registrants to edit the data that is collected
Provide registrants the ability to Withdraw their Consent
Identify actionable requests for Consents that have been withdrawn, are expired, provided by proxy or need to be affirmed
Enable and track communications in Consent management
Identify if the registrant that has Withdrawn their Consent has registered for other meetings and events
Track registrant transactions to determine whether data has been shared with third-parties in fulfillment of their meeting/event participation
Ensure the secure and permanent deletion of personally identifiable information when required
Transfer GDPR related data and information to Salesforce
Reproduce and replicate GDPR requirements across multiple meetings and events in minutes
Maintain recordkeeping to comply with the GDPR and enable a Customer’s Standard Operating Procedures, internal controls and audit requirements for the time that the data is retained by the Customer
User controls which may be assigned by the Customer on a “need to manage” and “need to know” basis
This module was released in January 2018 by Lenos Software and has been successfully implemented by Customers, often within an hour. The module is licensed by Customers:
On an annual basis
Based upon the number of records that are managed by the Module
Requires subsequent renewals for the term that data is retained by the Customer (as stated in their Privacy Statements) to ensure compliance with the GDPR
We are partnering with Customers to ensure that the GDPR Consent and Data Management Module will be implemented and preferential licensing fees will be provided to Customers who have been long-term licensees of our solutions.
Implementation of the GDPR Consent and Data Management Module may also include partnering with Compliance, IT, Legal, Marketing, Privacy, Procurement and Security at your organization. We are prepared to share our knowledge and experience, and will work with you to ensure a successful implementation and outcome.
Please feel free to give me a call or send me an email regarding these important issues.
Debra A. Chong, Esq.
Co-Founder and CEO