GDPR Compliance

The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation will become effective and enforceable on the 25th May 2018.
Arena.im is fully committed with the GDPR prior to the regulation’s effective date. Compliance with and to international law and regulations are very important to us.

 

We intend to improve the experience for users on Arena.im. Although GDPR applies exclusively to data collected from persons located in the European Union (EU), our plans focus on network-wide improvements and new functionalities for all users on Arena.im.

Here’s a condensed version of our GDPR compliance. Arena.im has also engaged with numerous outside attorneys on our approach.

  • Thoroughly research the areas of our product and our business impacted by GDPR – COMPLETE
  • Appoint a Data Protection Officer – COMPLETE
  • Rewrite our Data Protection Agreement – COMPLETE
  • Develop a strategy and requirements for how to address the areas of our product impacted by GDPR – COMPLETE
  • Perform the necessary changes/improvements to our product based on the requirements – COMPLETE
  • Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR – COMPLETE
  • Finalize and communicate our full compliance – COMPLETE

What changes is Arena.im making to be GDPR Compliant?

We improved anonymity within our widgets and making changes to allow you to tailor how you request consent within our dashboard. We’re also working on interfaces that will allow you to address requests from your customers related to their rights for accessing any personal data that might stored in your Arena.im account.

Arena.im already offers a strong Do Not Track (DNT) framework. This includes both honoring DNT settings from browsers and allowing users to opt-out of tracking within Arena.im for user behavior. Currently, users with Arena.im accounts can update their settings to opt-out of tracking across all devices and browsers where they are logged in. Logged-out users or readers without Arena.im accounts can also opt-out of tracking for individual browsers.

Based on the research conducted by both our inside and outside counsels we are confident these changes will address the requirements of GDPR.

Facilitating Subject Access Requests

We afford users right to access the information that Arena.im holds about them and the right to have that information deleted. Users can delete their account or request access to all the information Arena.im holds about them by emailing us at [email protected]

I’m new to the GDPR and would love more details on what it is

The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the the 1995 Data Protection Directive.

The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.

The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.

In summary, here are some of the key changes to come into effect with the upcoming GDPR:

  • Expanded rights for individuals:The GDPR provides expanded rights for individuals in the European Union by granting them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.
  • Compliance obligations:The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
  • Data breach notification and security:The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
  • New requirements for profiling and monitoring:The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.

If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU.

If you have any questions, please don’t hesitate to contact us at [email protected]