Subsplash & GDPR

 

Here at Subsplash, we’re excited about the advent of the Global Data Protection Regulation (GDPR)! The GDPR is a new European Union law, effective May 25th, 2018, which seeks to enforce a heightened level of responsibility all around the world concerning the personal data of EU residents. Although it may seem strange to get excited about new laws and regulations, we really believe in the foundational principles of the EU’s GDPR and the precedent that it is setting for the rest of the world. The GDPR carries at its core the idea that protecting and caring for people’s personal data is more than just a legal obligation, but that personal information privacy is a fundamental human right. As Americans, we’ve had privacy from the government for private citizen information as a core element of our Constitution in the Bill of Rights for a few hundred years and we continue to be proponents of this type of freedom in the US and abroad.

We agree that thoroughly integrating these principles into our product development and business processes is essential to the proper stewardship of sensitive information entrusted to us by anyone who has a relationship with our company. With this in mind, we took the initiative last year to join the EU-US Privacy Shield, a voluntary membership program that holds members accountable to most of the same data security and privacy standards expressed in the GDPR. Furthermore, we continue to cultivate a rich culture of data security and privacy with other programs, such as our internal information security program, annual PCI-DSS certification, and now our GDPR compliance efforts.

While the GDPR has encouraged some refinements to a few of our internal operations, the most notable changes are the updates to our Privacy Policy and Terms of Service, as well as the specific process by which we will respond to European data subject requests covered by the GDPR (detailed in the Privacy Policy). Essentially, we’ve made it a point to ensure that we collect as little information as possible, to keep that information safe and private, and to give you the right to understand, correct, and delete that information (unless prohibited by law).