What is GDPR?
On May 25th, 2018, the European Union General Data Protection Regulation (GDPR) came into effect throughout the European Union (EU) and European Economic Area (EEA) to protect the data privacy of EU citizens and to change the way organizations approach data privacy. This new regulation has created a lot of discussion and confusion among sales and marketing professionals both inside and outside the EU.
What Does GDPR Govern?
GDPR was created to protect EU Data Subjects: any EU citizen located within the EU. Personal data, as covered by GDPR, is any information related to a person that can be used to identify the person, including but not limited to:
• Email address
• Banking information
• Social media posts
• Medical information
• Computer IP address
What is Personal Data?
"Personal data" means information about an individual that:
- Can be used to identify, contact, or locate a specific individual
- Can be combined with other information that is linked to a specific individual to identify, contact or locate a specific individual (e.g. a user ID)
- Is defined as "personal data" or "personal information" by applicable laws or regulations.
Personal data includes contact information (names, addresses, phone numbers), online information (Member profiles, login information, IP addresses), government identification (tax ID, passport), and other data which can be used individually or in combination with other data to identify a person.
Personal data that is considered sensitive includes:
- Data that is sensitive in relation to fundamental rights and freedoms, which merits specific protection because the context of its processing could create significant risks to those rights and freedoms
- Ethnic origins or race
- Biometric data
What CellarStone is Doing
CellarStone welcomes the GDPR as an important step forward in streamlining data protection requirements across the EU and as an opportunity for CellarStone to deepen our commitment to data protection. CellarStone will comply with the GDPR in the delivery of our service to our customers. At CellarStone, we take data security seriously. We’ve been working hard to make sure we meet our obligations under the GDPR and are transparent about how we process data. CellarStone closely analyzed the requirements of the GDPR and has made the necessary modifications to its products, services, and documentation to support GDPR compliance for our customers.
Commitment to GDPR Compliance
The General Data Protection Regulation (GDPR) is currently in effect in the European Union (EU). We have made enhancements to our products, contracts and documentation in order to support compliance with GDPR for InsideSales and our customers.
Who is affected? The GDPR applies to all companies processing and holding the personal data of any identified or identifiable individuals (data subjects) residing in the European Union, regardless of the company’s location.
What changed? The GDPR increases privacy rights for EU individuals, which strengthens compliance obligations for companies, and extends the powers of Data Protection Authorities (“DPA”). For instance, the GDPR (1) expands rights for EU individuals to delete, restrict and port personal data; (2) increases compliance obligations to implement suitable policies and security protocols and keep records on data activities; and (3) gives authorities greater enforcement penalties, allowing them to fine companies up to the greater of €20 million or 4% of a company’s annual global revenue, depending on the type of breach and damages incurred.
What are we doing? We have reviewed the requirements of the GDPR and have made enhancements to our products, contracts and documentation in order to support compliance with GDPR for InsideSales and our customers. We comply with the GDPR in the delivery of our products and services to our customers.
Internal Requirements for GDPR
GDPR includes provisions for how organizations must store, protect, and manage the data they collect. Organizations are required to build in data privacy by design when developing new systems, to ensure compliance with GDPR. Also of note is the Data Privacy Impact Assessment (DPIA), the process of considering the impact a project or initiative might have on privacy. Organizations have an obligation to perform this assessment when designing new technologies or using existing technologies in new ways.
Some organizations will be required by GDPR to have a Data Privacy Officer (DPO) to help oversee compliance efforts.
We are Here to Answer Your Questions
We are always happy to answer any questions about the privacy and security of our customers’ data, GDPR, or Sales Enablement, in general. Feel free to contact us at