Published on May 24, 2018
By Steve Youngman, VP Finance and Legal
Hushmail is ready for the General Data Protection Regulation (GDPR). Starting on May 25, the GDPR requirements will govern all forms of online data collection, ranging from email services to SaaS subscriptions to ecommerce transactions, for anyone living in the European Union or conducting business with customers in the EU. As we stated in December, Hushmail has been preparing for this transition since the regulation was approved in 2016. Since we wrote about becoming GDPR-compliant, multiple news stories have underscored the importance of protecting personal data through defined and enforced regulation. Let’s take a look once more at what you can expect from a GDPR-compliant Hushmail.
Under the GDPR, businesses must acquire clear consent from individuals to use their data for specific purposes that are spelled out in detail. Hushmail has always required consent from new subscribers. However, we have expanded this consent to require new customers to actively consent to specific uses of their data. Hushmail customers are also able to easily withdraw their consent at any time by using a separate, easy-to-fill-out webform to send their request to our customer care team.
Securing data is an ongoing process integral to all Hushmail services. We have always been diligent about securely storing and never sharing customers’ personal data. However, should a breach occur, our strict adherence to a policy of full transparency is in line with GDPR policy requiring immediate notification, a clear description of the breach, and a recommendation of what individuals can do to protect themselves from harm related to the breach.
Of course, an organization never wants to lose members or subscribers. However, having the ability to make a clean break from an organization you no longer want to be affiliated with is a big part of the GDPR. A clean break means leaving nothing behind in the way of identifying information, putting control of personal data squarely in the hands of the individual. The GDPR gives individuals comprehensive rights to access, correct, port, erase, and object to the processing and storage of their data. If a customer decides to leave Hushmail, they have the right to have their personal data fully erased from Hushmail databases. In compliance with the GDPR, we have made it quick and easy for customers to make a clean break by contacting customer care.
Some of the GDPR rules, such as providing a more comprehensive consent form, will affect all of our Hushmail customers. Other rules will only directly affect our EU customers. However, we readily acknowledge that the GDPR rules support what has always been our most closely held value, the right to private communication. All Hushmail customers, not just those in the EU, can expect to benefit from the changes we have made due to the GDPR.
Steve Youngman has been part of the Hushmail team since 2000. With degrees in Commerce and Law from the University of British Columbia, he is well suited to lead our finance, privacy, and legal departments. Steve has extensive experience providing business, tax, and legal advice to entrepreneurial clients.