Are you GDPR compliant?

If you’ve landed on this page, you’re probably here for one of two reasons:

A) You’re a European firm that’s interested in hiring Caktus, in which case: Yes, we’re GDPR compliant! Ask us about it here.

B) You’re trying to figure out what GDPR is and if you need to care about it. If so, read on!

GDPR, or the European General Data Protection Regulation, is a set of rules about how companies collect and use individual personal data. While the law is based in the European Union, it also applies to any companies outside the EU that do business there. That’s why US-based companies like Facebook and Google were paying attention, and why we wanted to ensure compliance as well.

It helped that we were mostly compliant to begin with.

GDPR is designed to ensure that personal data is protected and respected, which falls right in line with our Caktus values. We’re passionate about data security, and we have always maintained strong internal security protections around data that we store or process. Also, we have protections around access to personal data, don’t sell or share contact information, and have always approached our marketing and sales activities from a foundation of respect and honesty.

So what did we change?

To confirm our compliance, we reviewed and updated our internal policies regarding data collection, storage, and usage. Much of this simply involved adding more detail to our current processes. We also examined unusual edge cases and ensured we have policies in place to handle those scenarios. This resulted in a new and more detailed Privacy Policy, plus new internal documentation that explicitly states our guidelines around data collection and management.

We also made a number of small but deliberate tweaks to how we collect and use personal data. For example, instead of pre-checking the “Would you like to subscribe to our newsletter?” checkbox on a contact form, we leave that blank. Therefore, by checking that box, you’re now providing “active consent” to receive our newsletter. You will not be opted in by default, and that’s the new standard to which we’re holding ourselves. (Speaking of which, if you’d like to opt in to our newsletter, you can do so here.)

We’ve learned a lot, so let’s put that knowledge to use.

Internally, we’ll use our deepened understanding of data protection to ensure that we continue to meet and exceed the law. This will be an ongoing and evolving international conversation, and we intend to stay at the forefront of any changes.

We would also be happy to share what we’ve learned. If you’re exploring a project that will involve the collection or use of personal data, we have an intimate understanding of GDPR compliance to complement our technical expertise. Contact us to start that conversation.
