As your inbox can attest, the May 25 deadline for GDPR is upon us. We recently hosted a #TwilioChat with Sheila Jambekar, Associate General Counsel at Twilio, to answer questions from our community about GDPR.
Here’s a quick recap:
What happens if a company is not GDPR ready by the May 25 deadline?
No one can say for sure. The regulators will likely give you credit for working on it and for being diligent. Many regulators themselves admit they aren’t fully ready. But, your customers may be tougher on you than the regulators.
Does GDPR mean I have to keep all of my EU personal data in the EU?
No. But if you do transfer data out of the EU, there are a few extra safeguards you have to put in place in your contracts. These are called “appropriate safeguards” or “transfer mechanisms.” For more on this, read GDPR and EU Data Location Requirements.
If my company sells ONLY to customers in the US, are we excluded from GDPR?
If you are based in the US, and you don’t have EU operations, and don’t offer your services in the EU, then you are not bound by GDPR. However, if you have operations in the EU or knowingly have customers in the EU you are.
I run a small SaaS company based in the US and I’m not big enough for the EU to come after me. Do I really need to worry about GDPR?
Yes. Because your customers worry about #GDPR and can get into trouble if you’re not GDPR compliant. And your customers don’t need to be based in the EU to care, they just need to have EU customers of their own.
Am I responsible for ensuring that all the vendors I work with are also #GDPR compliant? How do I do that?
Yes. If you need to be #GDPR compliant, the vendors that process your EU personal data also need to be compliant.
Ask vendors to sign a Data Protection Addendum (DPA). Most companies on top of their game will offer a DPA. You can also write your own DPA and ask vendors to sign it. Take a look at Twilio’s DPA here.
This is the first in a series of Twitter chats we will host, designed to help connect our community around relevant topics and share best practices. Watch for upcoming chats and, as always, feel free to join the conversation anytime using the hashtag #TwilioChat.
- Twilio’s DPA
- GDPR And EU Data Location Requirements
- What You Should do to Protect Your Data on Twilio
- Twilio’s Whitepaper: Be Prepared for GDPR
- Design thinking and GDPR
- What Twilio is doing to protect your data
- GDPR: Data Subjects, Controllers and Processors, Oh My!
- Getting to know the four magic letters of compliance: GDPR