On 25 May 2018, major European legislation on data protection comes into force: the EU General Data Protection Regulation — or GDPR.
We want to share some of the steps Cobot is taking to ensure that we are compliant. Learn how the GDPR might affect you and your members. Here’s what you need to know.
What’s GDPR?
The GDPR is the most comprehensive EU data privacy law in over 20 years. It strengthens users’ rights regarding their personal data. Its purpose is to harmonize data privacy laws across Europe.
This new law replaces the Data Protection Directive 95/46/EC, which was introduced in 1995 when only 1% of Europeans had access to the Internet. Given that in 2016, 85% of European households had access to the internet, the old Data Protection Directive clashes with the realities of modern day internet.
The EU General Data Protection Regulation — or GDPR — is a major new European data protection law that comes into effect on 25 May 2018.
Why is it important?
At its core, the GDPR is about people’s right to view, change, access and understand what is done with their data. It provides necessary and important empowerment for everyone who uses online services. For these reasons, we understand and support the goals of the GDPR and see it as the beginning of building a global data protection standard that will benefit everyone.
Trust and security have always been key components of our core values. Cobot takes users’ security and privacy very seriously (both for space operators and members) and avoids any unnecessary data exposure. While we are committed to making Cobot as secure and transparent as possible, we also encourage all our users to take ownership of their data, ask questions and work with us to improve our product.
What is Personal Data?
The GDPR defines personal data as any piece of information that can be used on its own or in conjunction with other data to directly identify a natural person. This means, for example, that once your space begins storing members’ names, emails, physical addresses, phone numbers, or other personal data of so-called EU Data Subjects, you are processing EU personal data under the GDPR.
Personal data also includes, but is not limited to information about hobbies, memberships or payment details, as well as physical, economic, cultural or social identity.
Who does the GDPR apply to?
In a nutshell, the new data protection law applies to all companies that process personal data of Data Subjects residing in the European Union, regardless of the companies’ location.
Who is protected by the GDPR?
Although most of the information online refers to the data protection of “EU citizens”, the GDPR uses the term “Data Subject” instead of “Citizen” or “Resident”, meaning any “natural person whose personal data is processed by a ‘controller’ or ‘processor”, “regardless of their nationality or residence”.
My space is outside of the EU, will GDPR affect me?
Most likely, yes. This privacy overhaul has significant implications for every organization that deals with EU Data Subjects (meaning both EU residents and citizens), regardless of where that data is processed — therefore, it will have global impact. Moreover, while there is a great deal of uncertainty about the GDPR outside of the EU, you should keep in mind that the GDPR may set the standard for privacy regulations in other countries too, which could give you a competitive advantage in the future.
Will there be any visible changes to Cobot for us and our members?
Our team is building all the necessary features that will enable you to lawfully add and process your member’s data. For example, consent requests must be made in intelligible and easily accessible forms. Furthermore, consent must be distinguishable from other matters and be easy to withdraw. Our new features will enable you as space administrators to inform your members more clearly about the purposes of your data requests and their processing.
On the other hand, your members will have control over the information they give you. Cobot’s new features are accounting for the right of members to obtain confirmation as to whether or not their personal data is being processed, where it is processed, and for what purpose (also known as the “right to access”).
The GDPR essentially consists of four things:
- Explicit consent.
- Right to be forgotten.
- Data portability.
- Algorithm transparency.
At Cobot, these principles have already been guiding our development standards, and the new regulations defined by the GDPR will add even more data protection features to our product:
- The ability to add, display, manage and get approval for individual privacy policies per space
- Double opt-in for newsletters
- Easily request your data
- Delete all data linked to any individual user
Will the GDPR require any action on our part — as a Cobot customer?
The GDPR has different requirements depending on how you handle people’s personal data, and handling personal data is a joint responsibility.
- “Data Controllers” are organizations that collect data and decide why, how and for how long that data is processed.
- “Data Processors” are organizations that carry out the data processing on behalf of a Data Controller.
Here at Cobot, we’ve been updating our product according to the GDPR regulations to make sure that we provide you with mechanisms to help you lawfully process and keep your members’ data. Still, there will be a few things that Cobot can’t take care of for you, because it concerns how you manage your space and how you relate to your members.
We — as a Data Processor — will implement the necessary features, but coworking space operators — as Data Controllers — will need to take the new requirements into account as well when onboarding new members and processing their information.
We’ll be publishing more GDPR-related information and other updates that might affect you and your community as things develop.
Additional resources:
- https://www.eugdpr.org/
- https://www.eugdpr.org/glossary-of-terms.html
- https://ec.europa.eu/info/law/law-topic/data-protection_en
Please note that this post is for informational purposes only, and should not be relied upon as legal advice. The GDPR is undeniably very complex, and while we want to help our users prepare for the change, GDPR could affect your business outside of how you use Cobot. We encourage all our users to educate themselves and have added a few links above to this effect. If you have further questions and want a precise overview of how the GDPR might affect your space, we recommend seeking the advice of a specialised lawyer.
If you aren’t already using Cobot to manage your coworking space, give it a go! Just sign up for a free trial or a live demo session. You’ll find our features can help you run your coworking more effectively and grow your community.
Happy Coworking!
