With the deadline for the General Data Protection Regulation (GDPR) fast approaching, companies are finalizing their plans for compliance. Today, The comments platform Comentarismo announced that it is in full compliance with the regulation in terms of publisher obligations.
The IT team was tasked with the biggest burden related to GDPR: To ensure IT systems, services, and technologies protect customer data and comply with outlined regulations. We have identified a number of steps to take in order to fully comply and respect the world commentators privacy.
"We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins." -Ellen Ullman
Countries and organizations usually define personal information in different ways. However for GDPR, any data that can be used to identify a person, such as a name, an email address, bank account information, social media posts, health information, etc, turns this into a requirement that forces companies to fully rethink how they collect and use data. Every company will have to take this in consideration and become really proactive rather than reactive.
Because the GDPR is laser-focused on the collection, processing, and movement of this personal information, one of the easiest ways to achieve compliance is to anonymize everything.
We rapidly understood that the old model of collecting and then deciding later how to use data besides than invade the users privacy, and raise lots of complains on our channels, does not help on the main point of our platform: "helping internet users to browse through website's comments". Yes comments, not who commented what and when, but what was said is what matters for our users.
We understand that all companies will need to change how they collect data at the front and how they keep it from that point on, because people privacy matters.
This actually requires that companies must create and enforce policies that they might not have, nor wanting to do.
To show our compliance, Comentarismo worked hard through a series of hands on development challenges:
We not only did this for ALL european commentators, but we have decided to do it for everyone in the world. “We believe that GDPR is leading to fundamental changes in the industry. Companies that do not respect users privacy will have a hard time surviving.”
So rather than waiting, we put data processing agreements that anonymize everything and make no room for recognizing real names in place and this basically solves all required elements that GDPR imposes.
We have also reviewed our privacy policies and made sure that they were compliant. We tightened up our own data security, but because we no longer store anyone's data, and we will never do from this point on, we do not offer any rewards for data breaches. We’ve also done comprehensive training on confidentiality with all our Teams.